From: Jeff Mahoney <jeffm@suse.com>
Subject: id3lib: Fix stack overrun in Mp3Info::Parse

 VBR_HEADER_MAX_SIZE is currently set to 116, but vbr_header_size can
 add up to 120. This was causing stack overruns on my system.

 The following patch sets the max size appropriately.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 src/mp3_parse.cpp |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/mp3_parse.cpp
+++ b/src/mp3_parse.cpp
@@ -467,7 +467,7 @@ bool Mp3Info::Parse(ID3_Reader& reader,
   // from http://www.xingtech.com/developer/mp3/
 
   const size_t VBR_HEADER_MIN_SIZE = 8;     // "xing" + flags are fixed
-  const size_t VBR_HEADER_MAX_SIZE = 116;   // frames, bytes, toc and scale are optional
+  const size_t VBR_HEADER_MAX_SIZE = 120;   // frames, bytes, toc and scale are optional
 
   if (mp3size >= vbr_header_offest + VBR_HEADER_MIN_SIZE) 
   {