Fix a segfault when parsing WAV properties.
authorTsuda Kageyu <tsuda.kageyu@gmail.com>
Tue, 30 Dec 2014 16:46:30 +0000 (01:46 +0900)
committerTsuda Kageyu <tsuda.kageyu@gmail.com>
Tue, 30 Dec 2014 16:46:30 +0000 (01:46 +0900)
taglib/riff/wav/wavproperties.cpp
tests/data/segfault.wav [new file with mode: 0644]
tests/test_wav.cpp

index 8062df5f7a9ab8f9801244a325a197af5aab97e8..439a19547bb2621d85472e903f120d92e77cef0d 100644 (file)
@@ -115,6 +115,11 @@ TagLib::uint RIFF::WAV::Properties::sampleFrames() const
 
 void RIFF::WAV::Properties::read(const ByteVector &data)
 {
+  if(data.size() < 16) {
+    debug("RIFF::WAV::Properties::read() - \"fmt \" chunk is too short for WAV.");
+    return;
+  }
+
   d->format      = data.toShort(0, false);
   d->channels    = data.toShort(2, false);
   d->sampleRate  = data.toUInt(4, false);
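Review bot: The bound `16` in the new guard at the top of read() is a bare literal, and the hunk only shows reads at offsets 0, 2 and 4, so a reader cannot confirm that it covers every field parsed from this untrusted chunk. read()'s body continues outside the hunk; if the highest access there is the 16-bit field at offset 14, a comment such as `// A PCM "fmt " chunk is at least 16 bytes; every offset read below lies within that range.` would tie the bound to the reads. The early return also leaves d->format, d->channels and d->sampleRate at whatever the constructor set, so it is worth confirming those members are initialised to zero rather than left indeterminate.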
diff --git a/tests/data/segfault.wav b/tests/data/segfault.wav
new file mode 100644 (file)
index 0000000..0385e99
Binary files /dev/null and b/tests/data/segfault.wav differ
index b0073ebc462cc5e44e57d8511369d204f0fabbe6..72efe4f680310d6788e60309c23a6cadabb46ed9 100644 (file)
@@ -72,8 +72,11 @@ public:
 
   void testFuzzedFiles()
   {
-    RIFF::WAV::File f(TEST_FILE_PATH_C("infloop.wav"));
-    CPPUNIT_ASSERT(!f.isValid());
+    RIFF::WAV::File f1(TEST_FILE_PATH_C("infloop.wav"));
+    CPPUNIT_ASSERT(!f1.isValid());
+
+    RIFF::WAV::File f2(TEST_FILE_PATH_C("segfault.wav"));
+    CPPUNIT_ASSERT(f2.isValid());
   }
 
 };
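Review bot: `CPPUNIT_ASSERT(f2.isValid())` pins only that the file is still accepted, not that the audio properties are left in a defined state once read() bails out. The fixture is binary, so its content is inferred from the other hunk: presumably segfault.wav carries a "fmt " chunk shorter than 16 bytes, and a comment such as `// "fmt " chunk is truncated: parsing must not crash and properties keep their defaults` would record that intent. If the defaults are zero, an extra check like `CPPUNIT_ASSERT_EQUAL(0, f2.audioProperties()->sampleRate());` would catch a regression that reads garbage instead of crashing.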