From bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.net>
Date: Thu, 14 Dec 2006 15:45:56 +0000
Subject: gst/modplug/libmodplug/sndfile.cpp: Fix potential buffer overflow
 (CVE-2006-4192) (#385788).

Original commit message from CVS:
* gst/modplug/libmodplug/sndfile.cpp:
Fix potential buffer overflow (CVE-2006-4192) (#385788).
---
 ChangeLog                          | 5 +++++
 gst/modplug/libmodplug/sndfile.cpp | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 68dcd4fa..10367842 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-12-14  Tim-Philipp Müller  <tim at centricular dot net>
+
+	* gst/modplug/libmodplug/sndfile.cpp:
+	  Fix potential buffer overflow (CVE-2006-4192) (#385788).
+
 2006-12-13  Wim Taymans  <wim@fluendo.com>
 
 	* gst/qtdemux/qtdemux.c: (gst_qtdemux_get_duration),
diff --git a/gst/modplug/libmodplug/sndfile.cpp b/gst/modplug/libmodplug/sndfile.cpp
index 5dc14179..23eeac7e 100644
--- a/gst/modplug/libmodplug/sndfile.cpp
+++ b/gst/modplug/libmodplug/sndfile.cpp
@@ -1081,7 +1081,7 @@ UINT CSoundFile::ReadSample(MODINSTRUMENT *pIns, UINT nFlags, LPCSTR lpMemFile,
 {
 	UINT len = 0, mem = pIns->nLength+6;
 
-	if ((!pIns) || (pIns->nLength < 4) || (!lpMemFile)) return 0;
+	if ((!pIns) || ((int)pIns->nLength < 4) || (!lpMemFile)) return 0;
 	if (pIns->nLength > MAX_SAMPLE_LENGTH) pIns->nLength = MAX_SAMPLE_LENGTH;
 	pIns->uFlags &= ~(CHN_16BIT|CHN_STEREO);
 	if (nFlags & RSF_16BIT)
-- 
cgit v1.2.1