From 30f85a3189a61308d796315c7cecbf7d5c88f19d Mon Sep 17 00:00:00 2001
From: Martin Theriault <mtheriault@espial.com>
Date: Mon, 15 Jul 2019 15:48:08 -0400
Subject: [PATCH] aiff: Fix infinite loop in header parsing.

---
 gst/aiff/aiffparse.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/gst/aiff/aiffparse.c b/gst/aiff/aiffparse.c
index b1b1167034..8543b0e750 100644
--- a/gst/aiff/aiffparse.c
+++ b/gst/aiff/aiffparse.c
@@ -643,14 +643,17 @@ gst_aiff_parse_calculate_duration (GstAiffParse * aiff)
   return FALSE;
 }
 
-static void
+static gboolean
 gst_aiff_parse_ignore_chunk (GstAiffParse * aiff, guint32 tag, guint32 size)
 {
   guint flush;
 
   if (aiff->streaming) {
-    if (!gst_aiff_parse_peek_chunk (aiff, &tag, &size))
-      return;
+    if (!gst_aiff_parse_peek_chunk (aiff, &tag, &size)) {
+      GST_LOG_OBJECT (aiff, "Not enough data to skip tag %" GST_FOURCC_FORMAT,
+          GST_FOURCC_ARGS (tag));
+      return FALSE;
+    }
   }
   GST_WARNING_OBJECT (aiff, "Ignoring tag %" GST_FOURCC_FORMAT,
       GST_FOURCC_ARGS (tag));
@@ -659,6 +662,7 @@ gst_aiff_parse_ignore_chunk (GstAiffParse * aiff, guint32 tag, guint32 size)
   if (aiff->streaming) {
     gst_adapter_flush (aiff->adapter, flush);
   }
+  return TRUE;
 }
 
 static double
@@ -1116,11 +1120,15 @@ gst_aiff_parse_stream_headers (GstAiffParse * aiff)
       }
       case GST_MAKE_FOURCC ('C', 'H', 'A', 'N'):{
         GST_FIXME_OBJECT (aiff, "Handle CHAN chunk with channel layouts");
-        gst_aiff_parse_ignore_chunk (aiff, tag, size);
+        if (!gst_aiff_parse_ignore_chunk (aiff, tag, size)) {
+          return GST_FLOW_OK;
+        }
         break;
       }
       default:
-        gst_aiff_parse_ignore_chunk (aiff, tag, size);
+        if (!gst_aiff_parse_ignore_chunk (aiff, tag, size)) {
+          return GST_FLOW_OK;
+        }
     }
 
     buf = NULL;