From eefb7c1638281ff40008ce55ad9ae17b054f1253 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 1 Apr 2024 14:36:19 +0300
Subject: [PATCH] wavpackparse: Fix potential integer overflow on ID_ODD_SIZE
 blocks

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6498>
---
 .../gst-plugins-good/gst/audioparsers/gstwavpackparse.c      | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c b/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c
index 09d7977acf..c116b7df33 100644
--- a/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c
+++ b/subprojects/gst-plugins-good/gst/audioparsers/gstwavpackparse.c
@@ -322,8 +322,11 @@ gst_wavpack_parse_frame_metadata (GstWavpackParse * parse, GstBuffer * buf,
     size <<= 8;
     size += c;
     size <<= 1;
-    if (id & ID_ODD_SIZE)
+    if (id & ID_ODD_SIZE) {
+      if (size == 0)
+        goto read_failed;
       size--;
+    }
 
     CHECK (gst_byte_reader_get_data (&br, size + (size & 1), &data));
     gst_byte_reader_init (&mbr, data, size);