From f86f1e017a6002eb803cca6eb6854cc84890e440 Mon Sep 17 00:00:00 2001
From: Serial <69764315+Serial-ATA@users.noreply.github.com>
Date: Tue, 29 Oct 2024 20:31:36 -0400
Subject: [PATCH] WAV: Fix potential overflow in bit depth calculation

---
 lofty/src/iff/wav/properties.rs              |   2 +-
 lofty/tests/fuzz/assets/wavfile_read_from/aa | Bin 0 -> 44 bytes
 lofty/tests/fuzz/wavfile_read_from.rs        |   6 ++++++
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 lofty/tests/fuzz/assets/wavfile_read_from/aa

diff --git a/lofty/src/iff/wav/properties.rs b/lofty/src/iff/wav/properties.rs
index 7788eb90..e284af23 100644
--- a/lofty/src/iff/wav/properties.rs
+++ b/lofty/src/iff/wav/properties.rs
@@ -209,7 +209,7 @@ pub(super) fn read_properties(
 			..
 		}) if valid_bits_per_sample > 0 => bit_depth = valid_bits_per_sample as u8,
 		_ if bits_per_sample > 0 => bit_depth = bits_per_sample as u8,
-		_ => bit_depth = (bytes_per_sample * 8) as u8,
+		_ => bit_depth = bytes_per_sample.saturating_mul(8) as u8,
 	};
 
 	let channel_mask = extensible_info.map(|info| info.channel_mask);
diff --git a/lofty/tests/fuzz/assets/wavfile_read_from/aa b/lofty/tests/fuzz/assets/wavfile_read_from/aa
new file mode 100644
index 0000000000000000000000000000000000000000..f0afb8ab8645886d5389c42349df120f4932c16c
GIT binary patch
literal 44
ycmWIYbaT_=U|<M$40BD(Em06)U|?VbLP2c?2AKzoG^gk=Fr*}wB(7v<U;qHbaS0ay

literal 0
HcmV?d00001

diff --git a/lofty/tests/fuzz/wavfile_read_from.rs b/lofty/tests/fuzz/wavfile_read_from.rs
index 6da82348..f98f370f 100644
--- a/lofty/tests/fuzz/wavfile_read_from.rs
+++ b/lofty/tests/fuzz/wavfile_read_from.rs
@@ -28,3 +28,9 @@ fn panic3() {
 		crate::get_reader("wavfile_read_from/2_IDX_34_RAND_128635499166458268533001.wav");
 	let _ = WavFile::read_from(&mut reader, ParseOptions::new());
 }
+
+#[test_log::test]
+fn panic4() {
+	let mut reader = crate::get_reader("wavfile_read_from/aa");
+	let _ = WavFile::read_from(&mut reader, ParseOptions::new());
+}