From 8cfebfec8c6ca7a47dd064c8f5d3e587973f31a1 Mon Sep 17 00:00:00 2001
From: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Date: Fri, 20 Mar 2015 12:18:37 +0000
Subject: [PATCH] wavparse: clip chunk size above the valid maximum
 (0x7fffffff)

https://bugzilla.gnome.org/show_bug.cgi?id=722567
---
 gst/wavparse/gstwavparse.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
index 35562a81bc..b0e34231ae 100644
--- a/gst/wavparse/gstwavparse.c
+++ b/gst/wavparse/gstwavparse.c
@@ -1264,6 +1264,12 @@ gst_wavparse_stream_headers (GstWavParse * wav)
         "Got TAG: %" GST_FOURCC_FORMAT ", offset %" G_GUINT64_FORMAT ", size %"
         G_GUINT32_FORMAT, GST_FOURCC_ARGS (tag), wav->offset, size);
 
+    /* Maximum valid size is INT_MAX */
+    if (size & 0x80000000) {
+      GST_WARNING_OBJECT (wav, "Invalid size, clipping to 0x7fffffff");
+      size = 0x7fffffff;
+    }
+
     /* Clip to upstream size if known */
     if (wav->datasize > 0 && size + wav->offset > wav->datasize) {
       GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");