From f4117f873c2cdc7b61553ae27df34364340a37ea Mon Sep 17 00:00:00 2001 From: tsdgeos Date: Wed, 4 Feb 2026 17:31:59 +0100 Subject: [PATCH] wavpack: Fix infinite loop when reading broken files (#1304) A crafted file can have blockSamples set to 0 and a blockSize so big that when adding 8 it overflows and offset is 0 so it goes back to the same position and loops forever --- taglib/wavpack/wavpackproperties.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/taglib/wavpack/wavpackproperties.cpp b/taglib/wavpack/wavpackproperties.cpp index 3247da26..b36758f7 100644 --- a/taglib/wavpack/wavpackproperties.cpp +++ b/taglib/wavpack/wavpackproperties.cpp @@ -260,16 +260,16 @@ void WavPack::Properties::read(File *file, offset_t streamLength) const unsigned int flags = data.toUInt(24, false); unsigned int smplRate = sampleRates[(flags & SRATE_MASK) >> SRATE_LSB]; - if(!blockSamples) { // ignore blocks with no samples - offset += blockSize + 8; - continue; - } - if(blockSize < 24 || blockSize > 1048576) { debug("WavPack::Properties::read() -- Invalid block header found."); break; } + if(!blockSamples) { // ignore blocks with no samples + offset += blockSize + 8; + continue; + } + // For non-standard sample rates or DSD audio files, we must read and parse the block // to actually determine the sample rate.