From 9e349c1df606678cd496957da139d64eca079da3 Mon Sep 17 00:00:00 2001
From: Ron <ron@debian.org>
Date: Fri, 6 Dec 2013 01:10:41 -0500
Subject: Check the size of the header packet before we look inside it

Signed-off-by: Tristan Matthews <le.businessman@gmail.com>
---
 libspeex/speex_header.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/libspeex/speex_header.c b/libspeex/speex_header.c
index 979fc9f..5d6bb04 100644
--- a/libspeex/speex_header.c
+++ b/libspeex/speex_header.c
@@ -147,20 +147,22 @@ EXPORT SpeexHeader *speex_packet_to_header(char *packet, int size)
    int i;
    SpeexHeader *le_header;
    const char *h = "Speex   ";
-   for (i=0;i<8;i++)
-      if (packet[i]!=h[i])
-      {
-         speex_notify("This doesn't look like a Speex file");
-         return NULL;
-      }
-   
+
    /*FIXME: Do we allow larger headers?*/
    if (size < (int)sizeof(SpeexHeader))
    {
       speex_notify("Speex header too small");
       return NULL;
    }
-   
+
+
+   for (i=0;i<8;i++)
+      if (packet[i]!=h[i])
+      {
+         speex_notify("This doesn't look like a Speex file");
+         return NULL;
+      }
+
    le_header = (SpeexHeader*)speex_alloc(sizeof(SpeexHeader));
    
    SPEEX_COPY(le_header, (SpeexHeader*)packet, 1);
-- 
cgit v1.2.3