Serial-ATA
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎lofty/src/wavpack/properties.rs‎
Lines changed: 5 additions & 1 deletion b/‎lofty/src/wavpack/properties.rs‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎lofty/tests/fuzz/assets/wavpackfile_read_from/crash-68a2215c732ecb202998d3bd8b0de932e5e0301d_minimized‎
376 Bytes b/‎lofty/tests/fuzz/assets/wavpackfile_read_from/crash-68a2215c732ecb202998d3bd8b0de932e5e0301d_minimized‎
376 Bytes
diff --git a/‎lofty/tests/fuzz/assets/wavpackfile_read_from/crash-b583ce7029fc17100e2aabfa4679865a2a5fd9a4_minimized‎
32 Bytes b/‎lofty/tests/fuzz/assets/wavpackfile_read_from/crash-b583ce7029fc17100e2aabfa4679865a2a5fd9a4_minimized‎
32 Bytes
diff --git a/‎lofty/tests/fuzz/wavpackfile_read_from.rs‎
Lines changed: 16 additions & 0 deletions b/‎lofty/tests/fuzz/wavpackfile_read_from.rs‎
Lines changed: 16 additions & 0 deletions
@@ -59,6 +59,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     - **WavPack***: Fix panic when encountering wrongly sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/472)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/480))
     - **WavPack***: Fix panic when encountering zero-sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/473))
     - **WavPack**: Verify the size of non-standard sample rate blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/488))
+    - **WavPack**: Fix potential overflow in bit depth calculation ([issue](https://github.com/Serial-ATA/lofty-rs/issues/491))
     - **MPEG**: Fix panic when APE tags are incorrectly sized ([issue](https://github.com/Serial-ATA/lofty-rs/issues/474))
     - **MPEG**: Fix panic when calculating the stream length for files with improperly sized frames ([issue](https://github.com/Serial-ATA/lofty-rs/issues/487))
     - **ID3v2**: Fix panic when parsing non-ASCII `TDAT` and `TIME` frames in `TDRC` conversion ([issue](https://github.com/Serial-ATA/lofty-rs/issues/477))
 
@@ -187,7 +187,7 @@ where
 			}
 
 			total_samples = block_header.total_samples;
-			properties.bit_depth = ((((flags & BYTES_PER_SAMPLE_MASK) + 1) * 8) - ((flags & BIT_DEPTH_SHIFT_MASK) >> BIT_DEPTH_SHL)) as u8;
+			properties.bit_depth = (((flags & BYTES_PER_SAMPLE_MASK) + 1) * 8).saturating_sub((flags & BIT_DEPTH_SHIFT_MASK) >> BIT_DEPTH_SHL) as u8;
 
 			properties.version = block_header.version;
 			properties.lossless = flags & FLAG_HYBRID_COMPRESSION == 0;
@@ -414,6 +414,10 @@ fn get_extended_meta_info(
 		}
 
 		// Skip over any remaining block size
+		if (size as usize) > reader.len() {
+			err!(SizeMismatch);
+		}
+
 		let (_, rem) = reader.split_at(size as usize);
 		*reader = rem;
 
 
@@ -120,3 +120,19 @@ fn panic5() {
 	);
 	let _ = WavPackFile::read_from(&mut reader, ParseOptions::default());
 }
+
+#[test_log::test]
+fn panic6() {
+	let mut reader = crate::get_reader(
+		"wavpackfile_read_from/crash-68a2215c732ecb202998d3bd8b0de932e5e0301d_minimized",
+	);
+	let _ = WavPackFile::read_from(&mut reader, ParseOptions::default());
+}
+
+#[test_log::test]
+fn panic7() {
+	let mut reader = crate::get_reader(
+		"wavpackfile_read_from/crash-b583ce7029fc17100e2aabfa4679865a2a5fd9a4_minimized",
+	);
+	let _ = WavPackFile::read_from(&mut reader, ParseOptions::default());
+}