Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-11-10 06:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

WAV: Fix panic on invalid bits_per_sample

Browse source
This commit is contained in:
Serial 2024-07-22 12:31:35 -04:00 committed by Alex
parent 15c1aed9bf
commit 3541fd73f3
4 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -25,13 +25,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- **MP4**: Atoms with sizes greater than the remaining file size will be ignored with `ParsingMode::Relaxed` ([PR](https://github.com/Serial-ATA/lofty-rs/pull/433))
### Fixed
- **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/TODO)):
- **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/423)) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/434)):
- **MP4**:
- Fix panic when reading properties of a file with no timescale specified ([issue](https://github.com/Serial-ATA/lofty-rs/issues/418))
- Fix panics when reading improperly sized freeform atom identifiers ([issue](https://github.com/Serial-ATA/lofty-rs/issues/425)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/426))
- **WAV**:
- Fix panic when reading properties with large written bytes per second ([issue](https://github.com/Serial-ATA/lofty-rs/issues/420))
- Fix panic when reading an improperly sized INFO LIST ([issue](https://github.com/Serial-ATA/lofty-rs/issues/427))
- Fix panic when reading a fmt chunk with an invalid bits_per_sample field ([issue](https://github.com/Serial-ATA/lofty-rs/issues/428))
- **Vorbis**:
- Fix panic when reading properties of a file with large absolute granule positions ([issue](https://github.com/Serial-ATA/lofty-rs/issues/421))
- Fix attempted large allocations with invalid comment counts ([issue](https://github.com/Serial-ATA/lofty-rs/issues/419))

7
lofty/src/iff/wav/properties.rs
View file

@ -196,7 +196,12 @@ pub(super) fn read_properties(
decode_err!(@BAIL Wav, "File contains 0 channels");
}
if bits_per_sample % 8 != 0 {
decode_err!(@BAIL Wav, "Bits per sample is not a multiple of 8");
}
let bytes_per_sample = block_align / u16::from(channels);
let bit_depth;
match extensible_info {
Some(ExtensibleFmtChunk {
@ -215,7 +220,7 @@ pub(super) fn read_properties(
}
if bits_per_sample > 0 && (total_samples == 0 || pcm) {
total_samples = stream_len / u32::from(u16::from(channels) * ((bits_per_sample + 7) / 8))
total_samples = stream_len / (u32::from(channels) * u32::from(bits_per_sample / 8));
}
let mut duration = Duration::ZERO;

BIN
lofty/tests/fuzz/assets/wavfile_read_from/2_IDX_34_RAND_128635499166458268533001.wav Executable file
View file

Binary file not shown.

7
lofty/tests/fuzz/wavfile_read_from.rs
View file

@ -21,3 +21,10 @@ fn panic2() {
crate::get_reader("wavfile_read_from/2_IDX_63_RAND_104275228651573584855676.wav");
let _ = WavFile::read_from(&mut reader, ParseOptions::new());
}
#[test]
fn panic3() {
let mut reader =
crate::get_reader("wavfile_read_from/2_IDX_34_RAND_128635499166458268533001.wav");
let _ = WavFile::read_from(&mut reader, ParseOptions::new());
}