wavparse: Actually clip to upstream size instead of size of the data chunk

There might be other chunks after the data chunk, so clipping the chunk
size with the data size can lead to a negative number and all following
calculations go wrong and cause crashes or worse.

This was introduced in 3ac119bbe2c360e28c087cf3852ea769d611b120.

https://bugzilla.gnome.org/show_bug.cgi?id=783760

diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
index bafd4a7..e2224a5 100644 (file)
--- a/gst/wavparse/gstwavparse.c
+++ b/gst/wavparse/gstwavparse.c
@@ -1285,9 +1285,10 @@ gst_wavparse_stream_headers (GstWavParse * wav)
     }
 
     /* Clip to upstream size if known */
-    if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
+    if (upstream_size > 0 && size + wav->offset > upstream_size) {
       GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
-      size = wav->datasize - wav->offset;
+      g_assert (upstream_size >= wav->offset);
+      size = upstream_size - wav->offset;
     }
 
     /* wav is a st00pid format, we don't know for sure where data starts.