Error on uuid boxes where the EOF falls within the UUID field

Author: Zaggy1024

mp4parse/src/lib.rs

@@ -2364,11 +2364,10 @@ fn read_box_header<T: ReadBytesExt>(src: &mut T) -> Result<Option<BoxHeader>> {
             if count == 16 {
                 Some(buffer)
             } else {
-                debug!("malformed uuid (short read), skipping");
-                None
+                debug!("malformed uuid (short read)");
+                return Err(Error::UnexpectedEOF);
             }
         } else {
-            debug!("malformed uuid, skipping");
             None
         }
     } else {

mp4parse/src/tests.rs

@@ -166,6 +166,23 @@ fn read_box_header_truncated_uuid() {
     assert!(stream.head.uuid.is_none());
 }
 
+#[test]
+fn read_box_header_uuid_past_eof() {
+    const HEADER_UUID: [u8; 20] = [
+        0x00, 0x00, 0x00, 0x18, // size = 24
+        0x75, 0x75, 0x69, 0x64, // type = uuid
+        0x85, 0xc0, 0xb6, 0x87, 0x82, 0x0f, 0x11, 0xe0, 0x81, 0x11, 0xf4, 0xce,
+    ];
+
+    let mut cursor = Cursor::new(HEADER_UUID);
+    let mut iter = super::BoxIter::new(&mut cursor);
+    match iter.next_box() {
+        Err(Error::UnexpectedEOF) => (),
+        Ok(_) => panic!("expected an error result"),
+        _ => panic!("expected a different error result"),
+    };
+}
+
 #[test]
 fn read_ftyp() {
     let mut stream = make_box(BoxSize::Short(24), b"ftyp", |s| {