From a5be4704078610a47ba6d528ff377b4a738c18dd Mon Sep 17 00:00:00 2001
From: Kostya Shishkov <kostya.shishkov@gmail.com>
Date: Fri, 20 Mar 2026 18:54:09 +0100
Subject: [PATCH] codec_support/msstructs: check WAVEFORMATEX.cbSize for
 validity

---
 nihav-codec-support/src/codecs/msstructs.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nihav-codec-support/src/codecs/msstructs.rs b/nihav-codec-support/src/codecs/msstructs.rs
index b1b10ec..1dc1558 100644
--- a/nihav-codec-support/src/codecs/msstructs.rs
+++ b/nihav-codec-support/src/codecs/msstructs.rs
@@ -179,7 +179,10 @@ impl MSWaveFormat {
         let mut extradata = None;
         if size > 16 {
             let cb_size         = usize::from(src.read_u16le()?);
-            if cb_size > 0 {
+            if cb_size > 0 && size > 18 {
+                if cb_size > size - 18 {
+                    return Err(ByteIOError::ReadError);
+                }
                 let mut edata = vec![0; cb_size];
                                   src.read_buf(&mut edata)?;
                 extradata = Some(edata);
-- 
2.39.5