src/wav.c: Fix infinite loop in exif parser

Integer overflow found my American Fuzzy Lop.
2024-11-27 03:50:29 +00:00 · 2015-12-28 16:46:28 +11:00 · 2015-12-28 16:46:28 +11:00 · fdd6b8c194
commit fdd6b8c194
parent 1b93de430a
1 changed files with 1 additions and 1 deletions
--- a/src/wav.c
+++ b/src/wav.c
@ -2000,7 +2000,7 @@ exif_subchunk_parse (SF_PRIVATE *psf, uint32_t length)
 			case olym_MARKER :
 				bytesread += psf_binheader_readf (psf, "4", &dword) ;
 				psf_log_printf (psf, "%M : %u\n", marker, dword) ;
-				if (bytesread + dword > length)
+				if (dword > length || bytesread + dword > length)
 					break ;
 				dword += (dword & 1) ;
 				bytesread += psf_binheader_readf (psf, "j", dword) ;