speex/backport-wav_io-check-for-EOF-when-seeking-in-wav.patch

From bdc392257c330e49872a5217dfb56becd1ee8f45 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Tue, 11 Sep 2018 05:12:53 -0400
Subject: [PATCH] wav_io: check for EOF when seeking in wav

Fixes hang discovered by fuzzing: https://github.com/xiph/speex/issues/9
---
 src/wav_io.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/wav_io.c b/src/wav_io.c
index c2e2bc85..b5183015 100644
--- a/src/wav_io.c
+++ b/src/wav_io.c
@@ -75,8 +75,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
       itmp = le_int(itmp);
       /*fprintf (stderr, "skip=%d\n", itmp);*/
       /*strange way of seeking, but it works even for pipes*/
-      for (i=0;i<itmp;i++)
-         fgetc(file);
+      for (i=0;i<itmp;i++) {
+        if (fgetc(file) == EOF) {
+          break;
+        }
+      }
       /*fseek(file, itmp, SEEK_CUR);*/
       fread(ch, 1, 4, file);
       if (feof(file))
@@ -152,9 +155,13 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
 
 
    /*strange way of seeking, but it works even for pipes*/
-   if (skip_bytes>0)
-      for (i=0;i<skip_bytes;i++)
-         fgetc(file);
+   if (skip_bytes>0) {
+      for (i=0;i<skip_bytes;i++) {
+        if (fgetc(file) == EOF) {
+          break;
+        }
+      }
+   }
 
    /*fseek(file, skip_bytes, SEEK_CUR);*/
 
@@ -164,8 +171,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
       fread(&itmp, 4, 1, file);
       itmp = le_int(itmp);
       /*strange way of seeking, but it works even for pipes*/
-      for (i=0;i<itmp;i++)
-         fgetc(file);
+      for (i=0;i<itmp;i++) {
+        if (fgetc(file) == EOF) {
+          break;
+        }
+      }
       /*fseek(file, itmp, SEEK_CUR);*/
       fread(ch, 1, 4, file);
       if (feof(file))