From 0914f7daceb01daa70c3eff248776722ca4ad566 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Sebastian=20Dr=C3=B6ge?=
Date: Wed, 14 Jun 2017 00:09:25 +0300
Subject: [PATCH] wavparse: Actually clip to upstream size instead of size of the data chunk
There might be other chunks after the data chunk, so clipping the chunk size with the data size can lead to a negative number and all following calculations go wrong and cause crashes or worse. This was introduced in 3ac119bbe2c360e28c087cf3852ea769d611b120. https://bugzilla.gnome.org/show_bug.cgi?id=783760
---
 gst/wavparse/gstwavparse.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
index bafd4a7..e2224a5 100644
--- a/gst/wavparse/gstwavparse.c
+++ b/gst/wavparse/gstwavparse.c
@@ -1285,9 +1285,10 @@ gst_wavparse_stream_headers (GstWavParse * wav)
 }
 /* Clip to upstream size if known */
- if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
+ if (upstream_size > 0 && size + wav->offset > upstream_size) {
 GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
- size = wav->datasize - wav->offset;
+ g_assert (upstream_size >= wav->offset);
+ size = upstream_size - wav->offset;
 }
 /* wav is a st00pid format, we don't know for sure where data starts.
-- 
2.7.4
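Review bot: The added `g_assert (upstream_size >= wav->offset);` inside the clipping branch turns a truncated or inconsistent input (a chunk whose offset already lies past the upstream size, which a malformed file can present) into a process abort in non-G_DISABLE_ASSERT builds, so for a demuxer that parses untrusted data this trades the previous underflow for a crash rather than a recoverable stream error. A runtime check that fails the stream instead would be safer, along the lines of `if (wav->offset > upstream_size) goto <existing error label of gst_wavparse_stream_headers>;` before computing `size = upstream_size - wav->offset;`. The types of `upstream_size`, `size` and `wav->offset` are not visible in the hunk; if `upstream_size` is a signed 64-bit value holding -1 for "unknown" and `wav->offset` is unsigned, the `>= ` comparison promotes and is worth confirming, as is `size + wav->offset` not wrapping when `size` is a 32-bit chunk length read from the file. The enclosing function `gst_wavparse_stream_headers` starts and ends outside this hunk.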