From fa6ff516cd6ed4681bc98cc254016232cac78d37 Mon Sep 17 00:00:00 2001
From: Martin Pulec <martin.pulec@cesnet.cz>
Date: Fri, 21 Oct 2022 08:24:21 +0200
Subject: [PATCH] wav_reader: check read ds64 - check overflow

---
 src/audio/wav_reader.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/audio/wav_reader.c b/src/audio/wav_reader.c
index 304820c83..3ae6718b6 100644
--- a/src/audio/wav_reader.c
+++ b/src/audio/wav_reader.c
@@ -195,8 +195,9 @@ static _Bool read_ds64(FILE *wav_file, uint32_t chunk_size, struct wav_metadata
         metadata->data_size = tmp;
         READ_N(&tmp, 8); // dummy - should be ignored
         uint32_t table_count = 0;
-        const int table_sz = (sizeof(uint32_t) /*ID*/ + sizeof(uint64_t) /*size*/);
+        const size_t table_sz = (sizeof(uint32_t) /*ID*/ + sizeof(uint64_t) /*size*/);
         READ_N(&table_count, 4); // number of table entries for non-'data' chunks
+        assert(table_sz * table_count <= MIN(sizeof(uint32_t), sizeof(long))); // check overflows
         if (chunk_size - 28 != table_sz * table_count) {
                 log_msg(LOG_LEVEL_ERROR, MOD_NAME "incorrect table count %" PRIu32 " given, ds64 chunk len %" PRIu32 "\n",
                                 table_count, chunk_size);