$NetBSD: patch-ac,v 1.4 2008/04/20 15:31:03 tonnerre Exp $

Fix wrong boundary check in Speex decoder (CVE-2008-1686).

--- modules/codec/speex.c.orig	2008-03-23 22:41:48.000000000 +0000
+++ modules/codec/speex.c
@@ -332,7 +332,7 @@ static int ProcessInitialHeader( decoder
         msg_Err( p_dec, "cannot read Speex header" );
         return VLC_EGENERIC;
     }
-    if( p_header->mode >= SPEEX_NB_MODES )
+    if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
     {
         msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
                  "this version of libspeex.", p_header->mode );