
soundtouch-1.9.2-2.2.mga6.src.rpm

Index: soundtouch/source/SoundStretch/WavFile.cpp
===================================================================
--- soundtouch/source/SoundStretch/WavFile.cpp
+++ soundtouch/source/SoundStretch/WavFile.cpp	2018-09-19 11:58:31.491450261 -0400
@@ -528,12 +528,16 @@
         // read length of the format field
         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
         // swap byte order if necessary
-        _swap32(nLen); // int format_len;
-        header.format.format_len = nLen;
+        _swap32(nLen);
 
         // calculate how much length differs from expected
         nDump = nLen - ((int)sizeof(header.format) - 8);
 
+        // verify that header length isn't smaller than expected structure
+        if ((nLen < 0) || (nDump < 0)) return -1;
+
+        header.format.format_len = nLen;
+
         // if format_len is larger than expected, read only as much data as we've space for
         if (nDump > 0)
         {
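Review bot: The subtraction `nDump = nLen - ((int)sizeof(header.format) - 8);` still runs before the added `nLen < 0` test. Assuming nLen is an int, as the `fread(&nLen, sizeof(int), ...)` suggests, a file-supplied length near INT_MIN overflows a signed int there, which is undefined behaviour, before the guard is reached. Rejecting the length first avoids that: `if (nLen < (int)sizeof(header.format) - 8) return -1;` placed ahead of the nDump computation covers both the negative and the too-short case. The fact-chunk hunk has the same ordering and wants the same change with `header.fact`. The new check also sets no upper bound on nLen; how a large nDump is consumed is decided in the `if (nDump > 0)` body, which continues outside the hunk, so that is worth confirming there.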
@@ -569,12 +573,16 @@
         // read length of the fact field
         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
         // swap byte order if necessary
-        _swap32(nLen); // int fact_len;
-        header.fact.fact_len = nLen;
+        _swap32(nLen);
 
         // calculate how much length differs from expected
         nDump = nLen - ((int)sizeof(header.fact) - 8);
 
+        // verify that fact length isn't smaller than expected structure
+        if ((nLen < 0) || (nDump < 0)) return -1;
+
+        header.fact.fact_len = nLen;
+
         // if format_len is larger than expected, read only as much data as we've space for
         if (nDump > 0)
         {
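Review bot: The context comment just above the `if (nDump > 0)` test in this hunk still says `format_len`, although this branch parses the fact chunk and the value compared is `fact_len`. Since the commit already edits the surrounding lines, the comment should read `// if fact_len is larger than expected, read only as much data as we've space for`. The `if (nDump > 0)` body continues outside the hunk.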