mp3_afh.c: Fix off by one bug

may cause a segfault due to accessing one byte past the memory
mapped file.

diff --git a/mp3_afh.c b/mp3_afh.c
index ffabfe4eb1479b0d57849ddbae65a583d5013760..cf507ec2b371c187e18123b1cdc5e4be07f6547b 100644 (file)
--- a/mp3_afh.c
+++ b/mp3_afh.c
@@ -240,11 +240,9 @@ static int mp3_seek_next_header(unsigned char *map, off_t numbytes, off_t *fpos)
        struct mp3header h, h2;
        long valid_start = 0;
 
-       while (1) {
-               while ((*fpos)++ < numbytes && map[*fpos] != 0xff)
-                       ;
-               if (*fpos >= numbytes)
-                       return 0;
+       for (; *fpos < numbytes; (*fpos)++) {
+               if (map[*fpos] != 0xff)
+                       continue;
                valid_start = *fpos;
                first_len = get_header(map, numbytes, fpos, &h);
                if (first_len <= 0)
@@ -263,6 +261,7 @@ static int mp3_seek_next_header(unsigned char *map, off_t numbytes, off_t *fpos)
                        return first_len;
                }
        }
+       return 0;
 }
 
 static void mp3_get_id3(unsigned char *map, off_t numbytes, off_t *fpos)