Bug 785967 - Reject Wave files with invalid data block size in the format chunk. r=doublec
authorMatthew Gregan <kinetik@flim.org>
Tue, 28 Aug 2012 18:21:58 +1200
changeset 105729 0eebcc79ee058a6f01e76487df88b524f56d179e
parent 105728 0b4bc3760d51cbb235f01b737c67efd9728a9dd7
child 105730 418955e7c3a95f72f9f2ca994de188d65a80e7b0
push id55
push usershu@rfrn.org
push dateThu, 30 Aug 2012 01:33:09 +0000
reviewersdoublec
bugs785967
milestone18.0a1
Bug 785967 - Reject Wave files with invalid data block size in the format chunk. r=doublec
content/media/wave/nsWaveReader.cpp
--- a/content/media/wave/nsWaveReader.cpp
+++ b/content/media/wave/nsWaveReader.cpp
@@ -431,20 +431,22 @@ nsWaveReader::LoadFormatChunk()
 
   // RIFF chunks are always word (two byte) aligned.
   NS_ABORT_IF_FALSE(mDecoder->GetResource()->Tell() % 2 == 0,
                     "LoadFormatChunk left resource unaligned");
 
   // Make sure metadata is fairly sane.  The rate check is fairly arbitrary,
   // but the channels check is intentionally limited to mono or stereo
   // because that's what the audio backend currently supports.
+  unsigned int actualFrameSize = sampleFormat == 8 ? 1 : 2 * channels;
   if (rate < 100 || rate > 96000 ||
       channels < 1 || channels > MAX_CHANNELS ||
       (frameSize != 1 && frameSize != 2 && frameSize != 4) ||
-      (sampleFormat != 8 && sampleFormat != 16)) {
+      (sampleFormat != 8 && sampleFormat != 16) ||
+      frameSize != actualFrameSize) {
     NS_WARNING("Invalid WAVE metadata");
     return false;
   }
 
   ReentrantMonitorAutoEnter monitor(mDecoder->GetReentrantMonitor());
   mSampleRate = rate;
   mChannels = channels;
   mFrameSize = frameSize;