From 0d2e01df61d34d2a084acb992dc1f4eb2a46cc26 Mon Sep 17 00:00:00 2001
From: Tsuda Kageyu
Date: Wed, 31 Dec 2014 01:46:30 +0900
Subject: [PATCH] Fix a segfault when parsing WAV properties.

---
 taglib/riff/wav/wavproperties.cpp | 5 +++++
 tests/data/segfault.wav | Bin 0 -> 30 bytes
 tests/test_wav.cpp | 7 +++++--
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 tests/data/segfault.wav

diff --git a/taglib/riff/wav/wavproperties.cpp b/taglib/riff/wav/wavproperties.cpp
index 8062df5f..439a1954 100644
--- a/taglib/riff/wav/wavproperties.cpp
+++ b/taglib/riff/wav/wavproperties.cpp
@@ -115,6 +115,11 @@ TagLib::uint RIFF::WAV::Properties::sampleFrames() const
 
 void RIFF::WAV::Properties::read(const ByteVector &data)
 {
+  if(data.size() < 16) {
+    debug("RIFF::WAV::Properties::read() - \"fmt \" chunk is too short for WAV.");
+    return;
+  }
+
   d->format = data.toShort(0, false);
   d->channels = data.toShort(2, false);
   d->sampleRate = data.toUInt(4, false);
diff --git a/tests/data/segfault.wav b/tests/data/segfault.wav
new file mode 100644
index 0000000000000000000000000000000000000000..0385e99be958fdf68181244ea8cb2ecd74eb1725
GIT binary patch
literal 30
kcmWIYbaR_v$-ofq80MOmTcW_kz`*eTe@bFWB9OrV0D{&CB>(^b

literal 0
HcmV?d00001

diff --git a/tests/test_wav.cpp b/tests/test_wav.cpp
index b0073ebc..72efe4f6 100644
--- a/tests/test_wav.cpp
+++ b/tests/test_wav.cpp
@@ -72,8 +72,11 @@ public:
 
   void testFuzzedFiles()
   {
-    RIFF::WAV::File f(TEST_FILE_PATH_C("infloop.wav"));
-    CPPUNIT_ASSERT(!f.isValid());
+    RIFF::WAV::File f1(TEST_FILE_PATH_C("infloop.wav"));
+    CPPUNIT_ASSERT(!f1.isValid());
+
+    RIFF::WAV::File f2(TEST_FILE_PATH_C("segfault.wav"));
+    CPPUNIT_ASSERT(f2.isValid());
   }
 };
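Review bot: The new `data.size() < 16` guard in `RIFF::WAV::Properties::read()` carries an unexplained constant: the three reads visible in the hunk only consume offsets 0–8, so 16 presumably covers further fixed-offset reads later in `read()`, whose body continues outside the hunk. A comment tying the number to the fields it protects would keep the guard from drifting when someone adds a read past offset 16 (for example an extended format header), which this check would not cover: `// Fixed "fmt " fields read below end at offset 16; a shorter chunk is a malformed or truncated file, so leave d's defaults untouched.` Note also that the early return is silent apart from `debug()`, so a consumer sees a file that parses "successfully" with whatever values the constructor initialised; if those defaults are not all zero, it would be worth resetting them here or stating in the comment that callers must treat them as unknown. Whether `ByteVector::toShort`/`toUInt` bounds-check their offset themselves is not visible here; if they do not, the other chunk readers in this directory deserve the same length check.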
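Review bot: The new `f2` case in `testFuzzedFiles()` only asserts `f2.isValid()`, which would also pass on a build where the guard is missing but the out-of-bounds reads happen not to crash on this particular 30-byte input, so the test does not actually pin the fix. It would be stronger to also check that the properties were left at their defaults, e.g. that `f2.audioProperties()` is non-null and reports a sample rate of 0 (or whatever the constructor initialises — not visible from this hunk), and to run the case under ASan/valgrind in CI where the original fault becomes deterministic. A one-line comment on the fixture would also help the next reader: `// segfault.wav: fuzzed file whose "fmt " chunk is shorter than the 16 bytes read() expects.`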