From b24cbc68ba10c643cae1bf45e405a3d90f802cf4 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Sun, 6 Mar 2016 23:28:29 +0100
Subject: [PATCH] decoder/dsdiff: fix off-by-one buffer overflow

---
 NEWS                                        | 1 +
 src/decoder/plugins/DsdiffDecoderPlugin.cxx | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 416af1159..1d6762a54 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@
 ver 0.19.14 (not yet released)
 * decoder
+  - dsdiff: fix off-by-one buffer overflow
   - opus: limit tag size to 64 kB
 * fix build failures on non-glibc builds due to constexpr Mutex
 
diff --git a/src/decoder/plugins/DsdiffDecoderPlugin.cxx b/src/decoder/plugins/DsdiffDecoderPlugin.cxx
index b6c79e11e..99530975d 100644
--- a/src/decoder/plugins/DsdiffDecoderPlugin.cxx
+++ b/src/decoder/plugins/DsdiffDecoderPlugin.cxx
@@ -205,7 +205,7 @@ dsdiff_handle_native_tag(InputStream &is,
 	if (length == 0 || length > 60)
 		return;
 
-	char string[length];
+	char string[length + 1];
 	char *label;
 	label = string;