From 18199cc2f756bd8eb17a475882dbc738194cbee8 Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson"
Date: Thu, 28 Mar 2019 09:25:13 +0100
Subject: [PATCH] Fix handling of truncated frame files.
---
 futatabi/main.cpp | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/futatabi/main.cpp b/futatabi/main.cpp
index e6556d3..a4b1e42 100644
--- a/futatabi/main.cpp
+++ b/futatabi/main.cpp
@@ -305,6 +305,18 @@ void load_frame_file(const char *filename, const string &basename, unsigned file
 abort();
 }
+ // Find the actual length of the file, since fseek() past the end of the file
+ // will succeed without an error.
+ if (fseek(fp, 0, SEEK_END) == -1) {
+ perror("fseek(SEEK_END)");
+ abort();
+ }
+ off_t file_len = ftell(fp);
+ if (fseek(fp, 0, SEEK_SET) == -1) {
+ perror("fseek(SEEK_SET)");
+ abort();
+ }
+
 size_t magic_offset = 0;
 size_t skipped_bytes = 0;
 while (!feof(fp) && !ferror(fp)) {
@@ -360,9 +372,10 @@ void load_frame_file(const char *filename, const string &basename, unsigned file
 frame.filename_idx = filename_idx;
 frame.size = hdr.file_size();
- if (fseek(fp, frame.offset + frame.size, SEEK_SET) == -1) {
+ if (frame.offset + frame.size > file_len ||
+ fseek(fp, frame.offset + frame.size, SEEK_SET) == -1) {
 fprintf(stderr, "WARNING: %s: Could not seek past frame (probably truncated).\n", filename);
- continue;
+ break;
 }
 if (hdr.stream_idx() >= 0 && hdr.stream_idx() < MAX_STREAMS) {
-- 
2.39.2
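Review bot: The `ftell(fp)` result stored in `file_len` in the first hunk is never checked, so a failure (-1) silently becomes the bound used by the later truncation test. The types of `frame.offset` and `frame.size` are not visible here, but if they are unsigned, a `file_len` of -1 would convert to a huge value and every frame would pass as in range. `ftell` also returns `long`, so where `long` is 32 bits the length of a frame file over 2 GiB cannot be represented even though the variable is an `off_t`. Consider `off_t file_len = ftello(fp);` followed by `if (file_len == -1) { perror("ftello"); abort(); }`, matching the handling of the two `fseek` calls around it. The body of load_frame_file starts and ends outside the hunk.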
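Review bot: In the second hunk, `frame.offset + frame.size > file_len` adds a length read from the frame header (`hdr.file_size()`) before comparing, so a corrupt header with a very large size could wrap the sum and pass the bound. The declarations of `frame.offset` and `frame.size` are outside the hunk, so both the wrap and the signed/unsigned mix against `off_t file_len` are inferred and should be confirmed. A subtraction form avoids the overflow once `file_len` is known to be non-negative: replace the first condition line with `frame.offset > uint64_t(file_len) || frame.size > uint64_t(file_len) - frame.offset ||`. The same sum is also passed to `fseek`, whose offset parameter is a `long`, so checking the bound first additionally keeps an out-of-range value from reaching that narrowing conversion.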