authorSebastian Dröge <sebastian@centricular.com>2017-06-14 00:09:25 +0300
committerSebastian Dröge <sebastian@centricular.com>2017-06-14 00:12:40 +0300
commita6aed59d73384abbddb5a179c3236abf89b65c0a (patch)
tree326b8a35c707cab35ac0ce1c45e851be739c4586
parent07050121aaa3931070c1c3856d026b8de59ab8b7 (diff)
wavparse: Actually clip to upstream size instead of size of the data chunk
There might be other chunks after the data chunk, so clipping the chunk size with the data size can lead to a negative number and all following calculations go wrong and cause crashes or worse. This was introduced in 3ac119bbe2c360e28c087cf3852ea769d611b120. https://bugzilla.gnome.org/show_bug.cgi?id=783760
-rw-r--r--gst/wavparse/gstwavparse.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
index bafd4a7d6..e2224a581 100644
--- a/gst/wavparse/gstwavparse.c
+++ b/gst/wavparse/gstwavparse.c
@@ -1285,9 +1285,10 @@ gst_wavparse_stream_headers (GstWavParse * wav)
}
/* Clip to upstream size if known */
- if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
+ if (upstream_size > 0 && size + wav->offset > upstream_size) {
GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
- size = wav->datasize - wav->offset;
+ g_assert (upstream_size >= wav->offset);
+ size = upstream_size - wav->offset;
}
/* wav is a st00pid format, we don't know for sure where data starts.
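Review bot: The added `g_assert (upstream_size >= wav->offset);` is doing input validation on values that come from the file and the upstream size query, and an assertion is the wrong tool for that. When GLib assertions are compiled out (`G_DISABLE_ASSERT`), the check disappears and `size = upstream_size - wav->offset;` can again produce the wrapped or negative size that the commit message describes. When they are enabled, a truncated or malformed file aborts the whole process instead of failing the stream. I would replace it with an explicit runtime check such as `if (G_UNLIKELY (upstream_size < wav->offset)) goto <existing_error_label>;`, using whichever header-error path this function already has; the function body and the declarations of `size`, `upstream_size` and `wav->offset` are outside the hunk. Depending on those types, the sum `size + wav->offset` in the condition may also need a check for wrap-around before the comparison.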