src/aiff.c: Fix a buffer read overflow

Secunia Advisory SA76717. Found by: Laurent Delosieres, Secunia Research at Flexera Software
libsndfile · May 23, 2017 · f833c53 · f833c53
1 parent 66aa47f
commit f833c53
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/aiff.c b/src/aiff.c
@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
 		psf_binheader_readf (psf, "j", dword - bytesread) ;
 
 	if (map_info->channel_map != NULL)
-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
 
 		free (psf->channel_map) ;