Fix out-of-bounds read in serialno matching logic
authorTimothy B. Terriberry <tterribe@xiph.org>
Tue, 12 Sep 2017 21:29:25 +0000 (14:29 -0700)
committerTimothy B. Terriberry <tterribe@xiph.org>
Tue, 12 Sep 2017 22:00:40 +0000 (15:00 -0700)
commitdee76c90f3211734564ff2ee4f34fa64be403777
tree845a66c8d077b5023e28c170fcff53ffc464dd46
parent2c239ebc90d6c105c52b266ad4664a76a4cc2261
Fix out-of-bounds read in serialno matching logic

We very carefully ensured _cur_link + 1 was in bounds, and then
 dereferenced nlinks + 1 (guaranteed to be out of bounds) instead.
Introduced in commit f83675ebbd79.

Thanks to the Google Autfuzz project for the report.

Fixes #2326
src/opusfile.c