--- sox-12.17.4/wav.c.can-2004-0557 2002-12-30 20:19:22.000000000 -0700
+++ sox-12.17.4/wav.c 2004-07-22 17:24:19.000000000 -0600
@@ -917,6 +917,10 @@
 } else if(strncmp(magic,"ICRD",4) == 0){
 st_readdw(ft,&len);
 len = (len + 1) & ~1;
+ if (len > 254) {
+ fprintf(stderr, "Possible buffer overflow hack attack (ICRD)!\n");
+ break;
+ }
 st_reads(ft,text,len);
 if (strlen(ft->comment) + strlen(text) < 254)
 {
@@ -926,6 +930,10 @@
 } else if(strncmp(magic,"ISFT",4) == 0){
 st_readdw(ft,&len);
 len = (len + 1) & ~1;
+ if (len > 254) {
+ fprintf(stderr, "Possible buffer overflow hack attack (ISFT)!\n");
+ break;
+ }
 st_reads(ft,text,len);
 if (strlen(ft->comment) + strlen(text) < 254)
 {
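Review bot: The new guard in the ICRD branch compares `len` with a literal 254 that is not tied to the size of `text`, whose declaration lies outside the hunk, so the fix holds only if `text` has room for `len` bytes plus whatever terminator `st_reads` writes. Deriving the limit from the buffer, for example `if (len >= sizeof(text)) {` (assuming `text` is an array in this function), keeps the check valid if the buffer is resized; the identical guard in the ISFT hunk needs the same change. The comparison rejects oversized values only if `len` is unsigned, which should be confirmed at its declaration, and the return value of `st_readdw` is still ignored, so a short read may leave `len` holding a stale value. `break` leaves the enclosing construct without skipping the oversized chunk's payload, and whether later parsing stays in sync depends on code not shown here. Reporting through the library's warning routine with the offending length, e.g. `st_warn("WAV ICRD chunk too long (%lu), ignored", (unsigned long)len);`, would tell callers more than a fixed message on stderr.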