There might be other chunks after the data chunk, so clipping the chunk
size with the data size can lead to a negative number and all following
calculations go wrong and cause crashes or worse.
This was introduced in
3ac119bbe2c360e28c087cf3852ea769d611b120.
https://bugzilla.gnome.org/show_bug.cgi?id=783760
}
/* Clip to upstream size if known */
- if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
+ if (upstream_size > 0 && size + wav->offset > upstream_size) {
GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
- size = wav->datasize - wav->offset;
+ g_assert (upstream_size >= wav->offset);
+ size = upstream_size - wav->offset;
}
/* wav is a st00pid format, we don't know for sure where data starts.
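Review bot: The added `g_assert (upstream_size >= wav->offset);` guards the subtraction with an assertion, although both values depend on the stream being parsed, so this should be a handled error path instead. In a build with assertions enabled, a file or upstream that reports a size smaller than the current offset aborts the whole process. With `G_DISABLE_ASSERT` defined, the check disappears and `size = upstream_size - wav->offset;` produces the same kind of wrapped or negative size this commit is meant to prevent. I would suggest testing `upstream_size < wav->offset` explicitly inside the clipping branch and bailing out (error or EOS, whichever the surrounding function uses) before the subtraction. It is also worth confirming that `size + wav->offset` in the condition cannot overflow for the types involved, since the declarations are not visible in this hunk.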