ref: 2386ab2c67bb2a680a669322f80921fd362f1b90
parent: 3bc7b61cb1c7c34b4f1ad39771febe6ea61b5094
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Tue Mar 5 20:26:05 EST 2024
wav: fix a buffer overflow (offset forgotten)
--- a/wav.c
+++ b/wav.c
@@ -64,9 +64,11 @@
return -1;
ctx->duration = sz*1000 / x;
}else if(memcmp(d, "LIST", 4) == 0){
+ if(csz < 4)
+ return -1;
sz = csz - 4;
continue;
- }else if(info && csz < ctx->bufsz){
+ }else if(info && csz < ctx->bufsz-5){
for(n = 0; n < nelem(t); n++){
if(memcmp(d, t[n].s, 4) == 0 || t[n].type == Tunknown){
if(ctx->read(ctx, d+5, csz) != csz)
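Review bot: The new bound `csz < ctx->bufsz-5` on the `info` branch only holds when `ctx->bufsz` is greater than 5. The declarations of `csz` and `bufsz` are outside the hunk, but if either is unsigned, a buffer smaller than 5 bytes makes `ctx->bufsz-5` wrap or convert to a very large value, so the check passes and `ctx->read(ctx, d+5, csz)` can again write past the end of the buffer. Writing the guard as `}else if(info && ctx->bufsz > 5 && csz < ctx->bufsz-5){` closes that case without adding to `csz`, which comes from the file. A short comment such as `/* 5 = offset used by d+5 below; strict < leaves one spare byte */` would stop the offset being forgotten again (the reason for the spare byte is presumed, and the loop body continues outside the hunk).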