Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/xiph/speex.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTristan Matthews <tmatth@videolan.org>2018-09-11 12:12:53 +0300
committerTristan Matthews <tmatth@videolan.org>2018-09-12 05:00:28 +0300
commitbdc392257c330e49872a5217dfb56becd1ee8f45 (patch)
tree8d09eaa012875283c255d59e29d12623fb477b90
parent0c0212158818362127d6c6f42f5aa53d33a61fbf (diff)
wav_io: check for EOF when seeking in wav
Fixes hang discovered by fuzzing: https://github.com/xiph/speex/issues/9
Diffstat
-rw-r--r--src/wav_io.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/src/wav_io.c b/src/wav_io.c
index c2e2bc8..b518301 100644
--- a/src/wav_io.c
+++ b/src/wav_io.c
@@ -75,8 +75,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
itmp = le_int(itmp);
/*fprintf (stderr, "skip=%d\n", itmp);*/
/*strange way of seeking, but it works even for pipes*/
- for (i=0;i<itmp;i++)
- fgetc(file);
+ for (i=0;i<itmp;i++) {
+ if (fgetc(file) == EOF) {
+ break;
+ }
+ }
/*fseek(file, itmp, SEEK_CUR);*/
fread(ch, 1, 4, file);
if (feof(file))
@@ -152,9 +155,13 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
/*strange way of seeking, but it works even for pipes*/
- if (skip_bytes>0)
- for (i=0;i<skip_bytes;i++)
- fgetc(file);
+ if (skip_bytes>0) {
+ for (i=0;i<skip_bytes;i++) {
+ if (fgetc(file) == EOF) {
+ break;
+ }
+ }
+ }
/*fseek(file, skip_bytes, SEEK_CUR);*/
@@ -164,8 +171,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
fread(&itmp, 4, 1, file);
itmp = le_int(itmp);
/*strange way of seeking, but it works even for pipes*/
- for (i=0;i<itmp;i++)
- fgetc(file);
+ for (i=0;i<itmp;i++) {
+ if (fgetc(file) == EOF) {
+ break;
+ }
+ }
/*fseek(file, itmp, SEEK_CUR);*/
fread(ch, 1, 4, file);
if (feof(file))
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-14 01:15:34 +0300