From de4172dab20c58719921b5fdd2b9611a796bda6d Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Thu, 22 Mar 2007 16:09:07 +0100
Subject: [PATCH] mp3_afh.c: Fix off by one bug may cause a segfault due to accessing one byte past the memory mapped file.
---
 mp3_afh.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/mp3_afh.c b/mp3_afh.c
index ffabfe4e..cf507ec2 100644
--- a/mp3_afh.c
+++ b/mp3_afh.c
@@ -240,11 +240,9 @@ static int mp3_seek_next_header(unsigned char *map, off_t numbytes, off_t *fpos)
 struct mp3header h, h2;
 long valid_start = 0;

- while (1) {
- while ((*fpos)++ < numbytes && map[*fpos] != 0xff)
- ;
- if (*fpos >= numbytes)
- return 0;
+ for (; *fpos < numbytes; (*fpos)++) {
+ if (map[*fpos] != 0xff)
+ continue;
 valid_start = *fpos;
 first_len = get_header(map, numbytes, fpos, &h);
 if (first_len <= 0)
@@ -263,6 +261,7 @@ static int mp3_seek_next_header(unsigned char *map, off_t numbytes, off_t *fpos)
 return first_len;
 }
 }
+ return 0;
 }

 static void mp3_get_id3(unsigned char *map, off_t numbytes, off_t *fpos)
-- 
2.39.2
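Review bot: The rewritten loop in the first hunk tests `map[*fpos]` at the incoming offset, whereas the removed `while ((*fpos)++ < numbytes && ...)` always stepped past that byte before looking, so the fix for the one-byte over-read also changes where the scan starts. A caller that re-enters with `*fpos` still on the `0xff` of the previous header could get the same header back; the lines between the two hunks are not visible here, so this needs checking against what `get_header()` leaves in `*fpos`. I would document the new contract above the function, e.g. `/* Scans from *fpos inclusive; returns 0 if no header is found before numbytes. */`. Separately, `off_t` is signed and only the upper bound is tested, so a negative `*fpos` would still index before the mapping; `if (*fpos < 0) return 0;` ahead of the loop would close that.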