Win32 Port
Scott Wheeler
wheeler at kde.org
Tue Jun 20 22:43:35 CEST 2006
On Tuesday 20 June 2006 22:27, Indy Sams wrote:
> This error seems to be in mpegfile.cpp in function:
> long MPEG::File::nextFrameOffset(long position)
>
> This line was allowing i to access an index past the end of the buffer
> for(uint i = 0; i < buffer.size()); i++) {
>
> The fix:
> for(uint i = 0; i < (buffer.size() - 1); i++) {
>
> As long as that doesn't break anything else that should fix the problem.
> (Confirmed on the MP3 that was crashing for Andrew)
Yes, that looks correct. (Notably, for those not looking at the code, because
the next line accesses i + 1.)
I've just committed that. This wasn't often hit because the first part of the
if condition had to be true before it accessed the next byte.
-Scott
--
I support the American war on intelligence.
More information about the taglib-devel
mailing list