Fix CVE-2018-7254:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254

Copied from upstream:
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e

diff --git a/cli/caff.c b/cli/caff.c
index ae57c4b..6248a71 100644
--- a/cli/caff.c
+++ b/cli/caff.c
@@ -89,8 +89,8 @@ typedef struct
 
 #define CAFChannelDescriptionFormat "LLLLL"
 
-static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21 };
-static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16 };
+static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21,0 };
+static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16,0 };
 
 static struct {
     uint32_t mChannelLayoutTag;     // Core Audio layout, 100 - 146 in high word, num channels in low word
@@ -274,10 +274,19 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
             }
         }
         else if (!strncmp (caf_chunk_header.mChunkType, "chan", 4)) {
-            CAFChannelLayout *caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize);
+            CAFChannelLayout *caf_channel_layout;
 
-            if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) ||
-                !DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) ||
+            if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) || caf_chunk_header.mChunkSize > 1024) {
+                error_line ("this .CAF file has an invalid 'chan' chunk!");
+                return WAVPACK_SOFT_ERROR;
+            }
+
+            if (debug_logging_mode)
+                error_line ("'chan' chunk is %d bytes", (int) caf_chunk_header.mChunkSize);
+
+            caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize);
+
+            if (!DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) ||
                 bcount != caf_chunk_header.mChunkSize) {
                     error_line ("%s is not a valid .CAF file!", infilename);
                     free (caf_channel_layout);
@@ -495,8 +504,15 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
         }
         else {          // just copy unknown chunks to output file
 
-            int bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize;
-            char *buff = malloc (bytes_to_copy);
+            uint32_t bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize;
+            char *buff;
+
+            if (caf_chunk_header.mChunkSize < 0 || caf_chunk_header.mChunkSize > 1048576) {
+                error_line ("%s is not a valid .CAF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+            buff = malloc (bytes_to_copy);
 
             if (debug_logging_mode)
                 error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes",
vail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-04-10 20:20:11 +0200'>2020-04-10</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=6720616daaf711314827c157a660339990e5cb07'>tests: openvswitch: Use the absolute file name of ovs-vsctl.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-03-16 14:05:52 +0100'>2020-03-16</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=ef0f5ff2a74e5e4dc49dfdd0ba6509a91281ddd5'>tests: dhcpd: Adjust network interface name.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-03-31 21:26:15 +0200'>2019-03-31</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=e73ded3c71527412944bb9a97916a096742f695d'>services: Open vSwitch: Provide a default configuration.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2019-01-11 12:14:38 +0100'>2019-01-11</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=84a2de36a10dc2ab80f86e16721cbd228c85279e'>services: Deprecate a few more service procedures.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-10-18 01:12:22 +0200'>2018-10-18</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=39d7fdce453b0ca23ecbed72048647debbaa58a6'>services: dhcp-client: Deprecate 'dhcp-client-service' procedure.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-09-20 13:09:55 +0530'>2018-09-20</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=9926b8f8096a0198cc34585bf7424eba0c98aee2'>gnu: services: Add iptables service.</a><span class='msg-avail'>...</span></td><td>Arun Isaac</td></tr>
<tr><td><span title='2018-08-28 00:25:05 -0700'>2018-08-28</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=3bcb305b98e02f6c9d98e7325813fc00f18f0e6c'>services: tor: Make it easier to use UNIX sockets.</a><span class='msg-avail'>...</span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2018-08-28 00:19:58 -0700'>2018-08-28</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=b0f951e4f04766892933e3b60d1b24ab3a8589c2'>tests: tor: Add more test cases.</a><span class='msg-avail'>...</span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2018-08-28 00:14:24 -0700'>2018-08-28</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=5dfd80e1c5c9803a281804801592d191cf9148ae'>services: tor: Add a system test.</a><span class='msg-avail'>...</span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2018-04-30 03:47:16 +0200'>2018-04-30</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=d94e81dbfc2613f2e3f89500e2a87421f57a032c'>services: Add modem-manager-service-type.</a><span class='msg-avail'>...</span></td><td>Danny Milosavljevic</td></tr>
<tr><td><span title='2018-04-21 23:46:30 -0700'>2018-04-21</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=f1104d900978900addad731dfec4e0e6e5765fbe'>services: Add dhcpd-service-type and &lt;dhcpd-configuration&gt;.</a><span class='msg-avail'>...</span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2017-12-29 14:07:38 +0100'>2017-12-29</span></td><td><a href='/guix/commit/gnu/tests/networking.scm?id=671dbdb9d54b437aacb82bd5901c011ca44801dd'>tests: networking: Add tests for Open vSwitch.</a><span class='msg-avail'>...</span></td><td>Marius Bakke</td></tr>
