WAV: Fix multiply with overflow panic

CHANGELOG.md

@@ -25,6 +25,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/TODO)):
+  - **WAV**: Fix panic when reading properties with large written bytes per second ([issue](https://github.com/Serial-ATA/lofty-rs/issues/420))
   - **Vorbis**: Fix panic when reading properties of a file with large absolute granule positions ([issue](https://github.com/Serial-ATA/lofty-rs/issues/421))
   - **FLAC**: Fix panic when reading properties of a file with incorrect block sizes ([issue](https://github.com/Serial-ATA/lofty-rs/issues/422))
 

lofty/src/iff/wav/properties.rs

@@ -222,7 +222,7 @@ pub(super) fn read_properties(
 	let mut overall_bitrate = 0;
 	let mut audio_bitrate = 0;
 	if bytes_per_second > 0 {
-		audio_bitrate = (bytes_per_second * 8).div_round(1000);
+		audio_bitrate = (u64::from(bytes_per_second) * 8).div_round(1000) as u32;
 	}
 
 	if sample_rate > 0 && total_samples > 0 {

lofty/tests/fuzz/wavfile_read_from.rs

@@ -1,7 +1,16 @@
 use crate::oom_test;
+use lofty::config::ParseOptions;
+use lofty::file::AudioFile;
 use lofty::iff::wav::WavFile;
 
 #[test]
 fn oom1() {
 	oom_test::<WavFile>("wavfile_read_from/oom-007573d233b412ea1b8038137db28e70d5678291");
 }
+
+#[test]
+fn panic1() {
+	let mut reader =
+		crate::get_reader("wavfile_read_from/2_IDX_0_RAND_85629492689553753214598.wav");
+	let _ = WavFile::read_from(&mut reader, ParseOptions::new());
+}