From b1ce204542b166bbca507b45e828c5ef9e75a2ee Mon Sep 17 00:00:00 2001
From: Leo <leocstone@gmail.com>
Date: Sun, 12 Mar 2023 18:18:28 -0400
Subject: [PATCH 1/3] Validate chunk size

---
 AudioFile.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/AudioFile.h b/AudioFile.h
index c4a8bbf..2c90f2c 100644
--- a/AudioFile.h
+++ b/AudioFile.h
@@ -1318,7 +1318,13 @@ int AudioFile<T>::getIndexOfChunk (std::vector<uint8_t>& source, const std::stri
         if ((i + 4) >= source.size())
             return -1;
         
-        auto chunkSize = fourBytesToInt (source, i, endianness);
+        uint32_t chunkSize = fourBytesToInt (source, i, endianness);
+        // Assume chunk size is invalid if it's greater than the number of bytes remaining in source
+        if (chunkSize > (source.size() - i - dataLen))
+        {
+            assert (false && "Invalid chunk size");
+            return -1;
+        }
         i += (dataLen + chunkSize);
     }
 

From cb5941ce86182e658c8a3df205e37843c65c53cf Mon Sep 17 00:00:00 2001
From: Leo <leocstone@gmail.com>
Date: Fri, 14 Apr 2023 13:46:44 -0400
Subject: [PATCH 2/3] make chunkSize signed

---
 AudioFile.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/AudioFile.h b/AudioFile.h
index 2c90f2c..483dedb 100644
--- a/AudioFile.h
+++ b/AudioFile.h
@@ -1318,9 +1318,9 @@ int AudioFile<T>::getIndexOfChunk (std::vector<uint8_t>& source, const std::stri
         if ((i + 4) >= source.size())
             return -1;
         
-        uint32_t chunkSize = fourBytesToInt (source, i, endianness);
+        int32_t chunkSize = fourBytesToInt (source, i, endianness);
         // Assume chunk size is invalid if it's greater than the number of bytes remaining in source
-        if (chunkSize > (source.size() - i - dataLen))
+        if (chunkSize > (source.size() - i - dataLen) || (chunkSize < 0))
         {
             assert (false && "Invalid chunk size");
             return -1;

From 2a96219c5c3bc6d0ca61bd70ac8b66d657e807cc Mon Sep 17 00:00:00 2001
From: Adam Stark <adamstark.uk@gmail.com>
Date: Mon, 17 Apr 2023 23:00:37 +0100
Subject: [PATCH 3/3] Update contributors

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 4886e94..4c08937 100644
--- a/README.md
+++ b/README.md
@@ -251,6 +251,7 @@ Many thanks to the following people for their contributions to this library:
 * [emiro85](https://github.com/emiro85)
 * [heartofrain](https://github.com/heartofrain)
 * [helloimmatt](https://github.com/helloimmatt/)
+* [leocstone](https://github.com/leocstone)
 * [MatthieuHernandez](https://github.com/MatthieuHernandez)
 * [mrpossoms](https://github.com/mrpossoms)
 * [mynameisjohn](https://github.com/mynameisjohn)