ref: 1968a7f090862f32f35bf1854965334896aac41b
parent: 6b6a2930b70fe488ec9ae0c0e6c7c279733c6315
author: Mans Rullgard <mans@mansr.com>
date: Sat Apr 28 16:20:36 EDT 2018
wav: check for block align overflow [bug #279] The block align value depends on the encoding and number of channels. Do the calculation in 32 bits, then check for 16-bit overflow.
--- a/src/wav.c
+++ b/src/wav.c
@@ -1362,7 +1362,7 @@
uint16_t wChannels; /* number of channels */
uint32_t dwSamplesPerSecond; /* samples per second per channel*/
uint32_t dwAvgBytesPerSec=0; /* estimate of bytes per second needed */
- uint16_t wBlockAlign=0; /* byte alignment of a basic sample block */
+ uint32_t wBlockAlign=0; /* byte alignment of a basic sample block */
uint16_t wBitsPerSample=0; /* bits per sample */
/* fmt chunk extension (not PCM) */
uint16_t wExtSize=0; /* extra bytes in the format extension */
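Review bot: Only `wBlockAlign` is widened here, while `wChannels` on the first context line stays `uint16_t`. If it is assigned from a wider channel count (the check added later prints `ft->signal.channels`, which suggests so), that count would be truncated before the block align is computed and the new overflow test would never see it. Consider range-checking the channel count before it is narrowed, or widening `wChannels` as well. The `w` prefix and the existing comment no longer describe a 32-bit variable; something like `/* block align; held in 32 bits so 16-bit overflow can be detected before it is stored */` would record the intent. The enclosing function starts and ends outside this hunk.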
@@ -1457,6 +1457,13 @@
default:
break;
}
+
+ if (wBlockAlign > UINT16_MAX) {
+ lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)",
+ ft->signal.channels);
+ return SOX_EOF;
+ }
+
wav->formatTag = wFormatTag;
wav->blockAlign = wBlockAlign;
wav->samplesPerBlock = wSamplesPerBlock;
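Review bot: The message `"Too many channels (%u)"` in the added check does not report the value that actually failed the test. The commit description says the block align also depends on the encoding, so the text should include the computed value, for example `lsx_fail_errno(ft, SOX_EOF, "Block align %u does not fit in 16 bits (%u channels)", (unsigned)wBlockAlign, ft->signal.channels);`. A short comment above the `if`, such as `/* blockAlign is stored as a 16-bit field; reject values that would wrap */`, would explain why the limit is `UINT16_MAX`. The check also sits after the `switch`, so anything derived from `wBlockAlign` inside the cases (not visible in this hunk) is computed before validation; it is worth confirming that nothing there indexes or sizes a buffer from the unchecked value. The function body continues outside the hunk.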