This patch fixes a buffer overflow bug in id3.c.
I found that sometimes the genre argument to ID3v2TagFile() exceeds 100
(in my test case it was 145).
In this case, sprintf() call in id3.c:L281 overruns the buffer.
The maximum length of the formatted string is 5 (3-digits and two parentheses),
so 6 bytes (five characters + one NULL character) is enough for the buffer.
Hi,
The attached patch worked for me.
This patch fixes a buffer overflow bug in id3.c.
I found that sometimes the genre argument to ID3v2TagFile() exceeds 100
(in my test case it was 145).
In this case, sprintf() call in id3.c:L281 overruns the buffer.
The maximum length of the formatted string is 5 (3-digits and two parentheses),
so 6 bytes (five characters + one NULL character) is enough for the buffer.