From 63869c9e176b197ff9c87e0675343a4a77bfa453 Mon Sep 17 00:00:00 2001
From: Justin Maggard
Date: Thu, 1 Sep 2011 01:16:22 +0000
Subject: [PATCH] * Fix an invalid read if the last RIFF tag is an integer value.
---
 tagutils/tagutils-wav.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tagutils/tagutils-wav.c b/tagutils/tagutils-wav.c
index 61a1f6c..b5ac8c2 100644
--- a/tagutils/tagutils-wav.c
+++ b/tagutils/tagutils-wav.c
@@ -148,7 +148,7 @@ _get_wavtags(char *filename, struct song_metadata *psong)
 if(len > 65536) goto next_block;
- tags = malloc(len);
+ tags = malloc(len+1);
 if(!tags) goto next_block;
@@ -158,6 +158,7 @@ _get_wavtags(char *filename, struct song_metadata *psong)
 free(tags);
 goto next_block;
 }
+ tags[len] = '\0';
 off = 4;
 p = tags + off;
@@ -165,7 +166,7 @@ _get_wavtags(char *filename, struct song_metadata *psong)
 {
 taglen = GET_WAV_INT32(p + 4);
- //DEBUG DPRINTF(E_DEBUG, L_SCANNER, "%.*s: %.*s\n", 4, p, taglen, p + 8);
+ //DEBUG DPRINTF(E_DEBUG, L_SCANNER, "%.*s: %.*s (%d)\n", 4, p, taglen, p + 8, taglen);
 m = NULL;
 if (taglen > 2048) {
 DPRINTF(E_WARN, L_SCANNER, "Ignoring long tag [%.*s] in %s\n",
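Review bot: In the first hunk the size read from the file is bounded only from above by `if(len > 65536)`, so a chunk shorter than the 4-byte offset applied in the second hunk (`off = 4; p = tags + off;`) still gets a `len+1` byte buffer and a `p` that starts beyond it. Whether `p` is then dereferenced depends on the loop condition, and whether a negative size can pass the guard depends on the declaration of `len`; both are outside these hunks. A lower bound beside the existing check would cover both cases, for example `if(len < 4 || len > 65536) goto next_block;`. A short comment on the allocation, such as `/* +1: room for the NUL terminator written after the chunk is read */`, would also explain the extra byte to the next reader.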
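Review bot: In the second hunk, `tags[len] = '\0'` stops string-style reads at the end of the buffer, but it does not bound the tag walk that follows. The third hunk's context shows `taglen` taken straight from the file with `GET_WAV_INT32(p + 4)`, and the only visible check is `taglen > 2048`. Unless the loop condition (outside these hunks) already guarantees it, a tag header that straddles the end of the buffer, or a `taglen` larger than the bytes remaining after `p + 8`, is still used to address memory relative to `tags`. Consider checking the length against what is left right after it is read, for example `if (taglen < 0 || taglen > len - off - 8) break;`, with the comparison adjusted to the actual types of `taglen`, `len` and `off`, which are not declared in the visible lines.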