From ffd5c2d3d06a0a8061bc5d6235357a402ad3b8ef Mon Sep 17 00:00:00 2001
From: Andrey Akhmichin <15944199+nekonomicon@users.noreply.github.com>
Date: Wed, 25 Jan 2023 04:22:31 +0500
Subject: [PATCH] engine: common: soundlib: libmpg: backport fix for
 CVE-2017-12839.

Original patch: https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?view=patch&r1=2024&r2=4323
Same as: https://github.com/tyabus/xash3d/commit/8a5e21a2a28e7486e601153ab3ca1beb1495308b
---
 engine/common/soundlib/libmpg/getbits.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/engine/common/soundlib/libmpg/getbits.h b/engine/common/soundlib/libmpg/getbits.h
index 350d5ab1..a4e5f165 100644
--- a/engine/common/soundlib/libmpg/getbits.h
+++ b/engine/common/soundlib/libmpg/getbits.h
@@ -47,6 +47,10 @@ static uint getbits( mpg123_handle_t *fr, int number_of_bits )
 {
 	ulong	rval;
 
+	if( (long)(fr->wordpointer-fr->bsbuf)*8
+	    + fr->bitindex+number_of_bits > (long)fr->framesize*8 )
+		return 0;
+
 	rval = fr->wordpointer[0];
 	rval <<= 8;
 	rval |= fr->wordpointer[1];