From c379950ce08932dec839f18926183c7b05b57d00 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Thu, 13 Jun 2019 18:27:51 +0200
Subject: codec_tags: fix wrong buffer size

Obvious mistake. This reported 44 bytes more data than what was
available. Could cause out of bounds reads. Security researchers would
claim a major victory if they found something like this in more popular
software, and would create a website for it.
---
 demux/codec_tags.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/demux/codec_tags.c b/demux/codec_tags.c
index d111c39ae3..ea6c8fe19d 100644
--- a/demux/codec_tags.c
+++ b/demux/codec_tags.c
@@ -75,7 +75,7 @@ static void map_audio_pcm_tag(struct mp_codec_params *c)
 
         // Compressed formats might use this.
         c->extradata += 22;
-        c->extradata_size += 22;
+        c->extradata_size -= 22;
     }
 
     int bits = c->bits_per_coded_sample;
-- 
cgit v1.2.3