The problem is that mp3info is not correctly detecting an mp3 frame
start when probing to see if the file is VBR when determining the
rate.  The issue is that the bitrate is 0xf which is one of the
illegal values and does not exist in the lookup table.  The math done
to the value ends up with a lookup offset of -1.  On older gccs that
was not a fatal error, but gave back something unexpected.  So on
older versions of gcc it calculates things incorrectly, on newer ones
it crashes.


Reproducible: Always
Steps to Reproduce:
1. Run mp3info on a mp3 with some junk on the front



Actual Results:  
mp3info crashes

Expected Results:  
Give information about the mp3.

The following patch fixes it to include some more robust frame checks.

fiji@apollo:~/mp3info> cat sanity_patch.diff
--- mp3info-0.8.4/mp3tech.c     2001-07-16 05:56:52.000000000 -0400
+++ new/mp3tech.c       2004-12-08 11:38:57.759884705 -0500
@@ -243,6 +243,11 @@
     header->copyright=(buffer[3] >> 3) & 0x1;
     header->original=(buffer[3] >> 2) & 0x1;
     header->emphasis=(buffer[3]) & 0x3;
+
+    /* Final sanity checks: bitrate can not be 1111, frequency can not be 11 */
+    if (header->bitrate == 0x0F || header->freq == 0x3) {
+      return 0;
+    }

     return ((fl=frame_length(header)) >= MIN_FRAME_SIZE ? fl : 0);
 }



As a bonus diff, the following patch casts the pointer arithmetic to
avoid a compiler warning.

+++ new/textfunc.c      2004-12-08 12:34:13.412457426 -0500
@@ -235,7 +235,8 @@
                if(*code) {
                        modlen=code-percent+1;
                        if(modlen > 1000) {
-                               printf("Format modifier beginning at position %d too
+long!\n",percent-format);
+                               printf("Format modifier beginning at position %d
too long!\n",
+                                      (int)(percent-format));
                                exit(5);
                        }
                        strncpy(mod,percent,modlen);