# HG changeset patch
# User reimar
# Date 1144752200 0
# Node ID a491d7628cdc552cfb2e206949a5be64989943c1
# Parent  8ceb31f028ee3fa7ac5de5a4d1f69a795b8bef06
check wav header length against upper limit, should protect against
some misdetections (esp. with text files).

diff -r 8ceb31f028ee -r a491d7628cdc libmpdemux/demux_audio.c
--- a/libmpdemux/demux_audio.c	Tue Apr 11 10:19:53 2006 +0000
+++ b/libmpdemux/demux_audio.c	Tue Apr 11 10:43:20 2006 +0000
@@ -27,6 +27,9 @@
   float last_pts;
 } da_priv_t;
 
+//! rather arbitrary value for maximum length of wav-format headers
+#define MAX_WAVHDR_LEN (1 * 1024 * 1024)
+
 // how many valid frames in a row we need before accepting as valid MP3
 #define MIN_MP3_HDRS 5
 
@@ -412,6 +415,11 @@
       free_sh_audio(sh_audio);
       return 0;
     }
+    if(l > MAX_WAVHDR_LEN) {
+      mp_msg(MSGT_DEMUX,MSGL_ERR,"[demux_audio] Bad wav header length: too long (%d)!!!\n",l);
+      free_sh_audio(sh_audio);
+      return 0;
+    }
     sh_audio->wf = w = (WAVEFORMATEX*)malloc(l > sizeof(WAVEFORMATEX) ? l : sizeof(WAVEFORMATEX));
     w->wFormatTag = sh_audio->format = stream_read_word_le(s);
     w->nChannels = sh_audio->channels = stream_read_word_le(s);