Check for reading past end before calling mp4ff_read_sample()

Previously errors like the following would occasionally be reported at the end
of an AAC file:

mp4ff_read_sample: malloc failure (tried to alloc -2147483648 bytes). possible mp4ff bug or memleak! please report a bug to deadbeef developers (i'm serious).

This was because the value of “sample” passed to mp4ff_audio_frame_size()
caused that function to read just off the end of an array.

Bug reported at https://sourceforge.net/support/tracker.php?aid=3321066

Fix inspired by https://bugs.launchpad.net/bugs/40043 “Crash (SIGSEGV) in
memcpy using libfaad2”

1 files changed, 5 insertions, 6 deletions

diff --git a/plugins/aac/aac.c b/plugins/aac/aac.c
index b3417879..2f2755f0 100644
--- a/plugins/aac/aac.c
+++ b/plugins/aac/aac.c
@@ -878,11 +878,16 @@ aac_read (DB_fileinfo_t *_info, char *bytes, int size) {
         char *samples = NULL;
 
         if (info->mp4file) {
+            if (info->mp4sample >= info->mp4samples) {
+                break;
+            }
+            
             unsigned char *buffer = NULL;
             int buffer_size = 0;
 #ifdef USE_MP4FF
             int rc = mp4ff_read_sample (info->mp4file, info->mp4track, info->mp4sample, &buffer, &buffer_size);
             if (rc == 0) {
+                trace ("mp4ff_read_sample failed\n");
                 info->eof = 1;
                 break;
             }
@@ -902,12 +907,6 @@ aac_read (DB_fileinfo_t *_info, char *bytes, int size) {
             u_int64_t myDuration = MP4ConvertFromTrackDuration (info->mp4file, info->mp4track,
                     sampleDuration, MP4_MSECS_TIME_SCALE);
 #endif
-            if (info->mp4sample >= info->mp4samples) {
-                if (buffer) {
-                    free (buffer);
-                }
-                break;
-            }
             info->mp4sample++;
             samples = NeAACDecDecode(info->dec, &info->frame_info, buffer, buffer_size);