diff options
| author | Tristan Matthews <tmatth@videolan.org> | 2018-09-11 12:12:53 +0300 |
|---|---|---|
| committer | Tristan Matthews <tmatth@videolan.org> | 2018-09-11 12:13:53 +0300 |
| commit | f4052739193a5a131db30c263d95d97aa9d226a6 (patch) | |
| tree | 82108ceae384a34a9bc29fa44b83f3a30b7c4543 | |
| parent | 243470fb39e8a5712b5d01c3bf5631081a640a0d (diff) | |
wav_io: check for EOF when seeking in wavfuzzing/readwaveof
Fixes hang discovered by fuzzing: https://github.com/xiph/speex/issues/9
| -rw-r--r-- | src/wav_io.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/wav_io.c b/src/wav_io.c index c2e2bc8..666672c 100644 --- a/src/wav_io.c +++ b/src/wav_io.c @@ -75,8 +75,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32 itmp = le_int(itmp); /*fprintf (stderr, "skip=%d\n", itmp);*/ /*strange way of seeking, but it works even for pipes*/ - for (i=0;i<itmp;i++) - fgetc(file); + for (i=0;i<itmp;i++) { + if (fgetc(file) == EOF) { + break; + } + } /*fseek(file, itmp, SEEK_CUR);*/ fread(ch, 1, 4, file); if (feof(file)) |