From 8e2ef8f9869725906c5d9528e748289a12692aab Mon Sep 17 00:00:00 2001
From: "v.audacity" <v.audacity@47890b92-0858-11df-a26f-8b716316a5bc>
Date: Wed, 21 Sep 2011 06:04:10 +0000
Subject: [PATCH] bug 451 (P2,
 http://bugzilla.audacityteam.org/show_bug.cgi?id=451) Failsafe read of
 "numsamples" tag value > "maxsamples" tag value. It's now recognized as an
 error in .aup data.

---
 src/Sequence.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Sequence.cpp b/src/Sequence.cpp
index 4e7a412eb..1efcb5b8c 100644
--- a/src/Sequence.cpp
+++ b/src/Sequence.cpp
@@ -789,7 +789,14 @@ bool Sequence::HandleXMLTag(const wxChar *tag, const wxChar **attrs)
             mSampleFormat = (sampleFormat)nValue;
          }
          else if (!wxStrcmp(attr, wxT("numsamples")))
+         {
+            if (nValue > mMaxSamples) // Disallow "numsamples" tag value > "maxsamples" tag value
+            {
+               mErrorOpening = true;
+               return false;
+            }
             mNumSamples = nValue;
+         }
       } // while
 
       //// Both mMaxSamples and mSampleFormat should have been set.