[3.0] demux: wav: check the size of the fmt chunk is legit (!7582) · Merge requests · VideoLAN / VLC

Steve Lhomme requested to merge robUx4/vlc:30-sanity-wav-fmt into 3.0.x Aug 18, 2025

WAVEFORMATEX.cbSize represents the size of data after the WAVEFORMATEX structure ¹. It is coded on a uint16_t so the size of the WAVEFORMATEX plus its extra data can never exceed sizeof(WAVEFORMATEX) + UINT16_MAX.

Fixes #29004 (closed)

(cherry picked from commit d5ab4348)

Backport of !7549 (merged) (extracted from !7558)

https://learn.microsoft.com/en-us/windows/win32/api/mmeapi/ns-mmeapi-waveformatex ↩

[3.0] demux: wav: check the size of the fmt chunk is legit

Merge request reports