diff -U0 xmp-3.5.0/docs/ChangeLog.cve-2013-1980 xmp-3.5.0/docs/ChangeLog
--- xmp-3.5.0/docs/ChangeLog.cve-2013-1980 2012-01-27 17:40:58.000000000 +0100
+++ xmp-3.5.0/docs/ChangeLog 2013-04-28 13:05:05.559593911 +0200
@@ -26,0 +27 @@
+ - fix buffer overflow in MASI loader (reported by Douglas Carmichael)
diff -up xmp-3.5.0/src/loaders/masi_load.c.cve-2013-1980 xmp-3.5.0/src/loaders/masi_load.c
--- xmp-3.5.0/src/loaders/masi_load.c.cve-2013-1980 2012-01-21 13:35:14.000000000 +0100
+++ xmp-3.5.0/src/loaders/masi_load.c 2013-04-28 13:04:15.398503982 +0200
@@ -144,9 +144,9 @@ static void get_dsmp(struct xmp_context
i = cur_ins;
m->xxi[i] = calloc(sizeof(struct xxm_instrument), 1);
- fread(&m->xxih[i].name, 1, 34, f);
+ fread(&m->xxih[i].name, 1, 31, f);
str_adj((char *)m->xxih[i].name);
- fseek(f, 5, SEEK_CUR);
+ fseek(f, 8, SEEK_CUR);
read8(f); /* insno */
read8(f);
m->xxs[i].len = read32l(f);