From 0ed474e412c7fa3647756b7169a1428e2778c7a5 Mon Sep 17 00:00:00 2001
From: ed
Date: Wed, 12 Jun 2019 14:53:28 +0100
Subject: [PATCH] Fixed a potential crash when reading MIDI files with incorrect track length chunks
---
 modules/juce_audio_basics/midi/juce_MidiFile.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/modules/juce_audio_basics/midi/juce_MidiFile.cpp b/modules/juce_audio_basics/midi/juce_MidiFile.cpp
index edad27d248..58cbf7c90a 100644
--- a/modules/juce_audio_basics/midi/juce_MidiFile.cpp
+++ b/modules/juce_audio_basics/midi/juce_MidiFile.cpp
@@ -262,25 +262,26 @@ bool MidiFile::readFrom (InputStream& sourceStream, bool createMatchingNoteOffs)
 if (size > 16 && MidiFileHelpers::parseMidiHeader (d, timeFormat, fileType, expectedTracks))
 {
 size -= (size_t) (d - static_cast (data.getData()));
-
 int track = 0;
- while (size > 0 && track < expectedTracks)
+ for (;;)
 {
 auto chunkType = (int) ByteOrder::bigEndianInt (d);
 d += 4;
 auto chunkSize = (int) ByteOrder::bigEndianInt (d);
 d += 4;
- if (chunkSize <= 0)
+ if (chunkSize <= 0 || (size_t) chunkSize > size)
 break;
 if (chunkType == (int) ByteOrder::bigEndianInt ("MTrk"))
 readNextTrack (d, chunkSize, createMatchingNoteOffs);
+ if (++track >= expectedTracks)
+ break;
+
 size -= (size_t) chunkSize + 8;
 d += chunkSize;
- ++track;
 }
 return true;
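Review bot: The new guard `(size_t) chunkSize > size` compares against a `size` that still includes the 8 chunk-header bytes already consumed by the two `d += 4` steps, so a declared length up to 8 bytes longer than the data actually left at `d` is accepted and passed to `readNextTrack`; `size -= (size_t) chunkSize + 8` then wraps and the check no longer bounds later iterations. With `while (size > 0 …)` replaced by `for (;;)`, the two `bigEndianInt (d)` reads at the top of the loop also run without confirming that 8 bytes remain, which matters when the header announces more tracks than the file holds. I would add `if (size < 8) break;` as the first statement of the loop and change the test to `if (chunkSize <= 0 || (size_t) chunkSize > size - 8)`. `readFrom` begins and ends outside this hunk, so whether `readNextTrack` bounds its own reads is not visible here.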