From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001
From: oparviainen <oparviai@iki.fi>
Date: Sun, 12 Aug 2018 20:24:37 +0300
Subject: [PATCH] Added minimum size check for WAV header block lengh values

---
 source/SoundStretch/WavFile.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
index 7e7ade2..68818c9 100644
--- a/source/SoundStretch/WavFile.cpp
+++ b/source/SoundStretch/WavFile.cpp
@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock()
         // read length of the format field
         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
         // swap byte order if necessary
-        _swap32(nLen); // int format_len;
+        _swap32(nLen);
+
+        // verify that header length isn't smaller than expected
+        if (nLen < sizeof(header.format) - 8) return -1;
+
         header.format.format_len = nLen;
 
         // calculate how much length differs from expected
@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock()
         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;
         // swap byte order if necessary
         _swap32(nLen); // int fact_len;
+
+        // verify that fact length isn't smaller than expected
+        if (nLen < sizeof(header.fact) - 8) return -1;
+
         header.fact.fact_len = nLen;
 
         // calculate how much length differs from expected