[tracker] tracker-extract: Clarify untrusted value checks



commit 397883a2128ef2099bbad9da75d213f4724db277
Author: Philip Withnall <withnall endlessm com>
Date:   Sun Feb 5 16:07:26 2017 +0100

    tracker-extract: Clarify untrusted value checks
    
    When validating the values of csize and tsize (as they are read from a
    potentially untrusted MP3 file), put them as the left-hand operand in
    the comparison by themselves, without adding anything which:
     • confuses Coverity;
     • potentially overflows.
    
    Coverity ID: 1399652
    
    https://bugzilla.gnome.org/show_bug.cgi?id=778206

 src/tracker-extract/tracker-extract-mp3.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c
index 6be6e71..3a6b1d3 100644
--- a/src/tracker-extract/tracker-extract-mp3.c
+++ b/src/tracker-extract/tracker-extract-mp3.c
@@ -2221,7 +2221,7 @@ parse_id3v20 (const gchar          *data,
        unsync = (data[5] & 0x80) > 0;
        tsize = extract_uint32_7bit (&data[6]);
 
-       if (tsize + header_size > size)  {
+       if (tsize > size - header_size)  {
                g_message ("[v20] Expected MP3 tag size and header size to be within file size boundaries");
                return;
        }
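Review bot: the new right-hand side `size - header_size` in the `tsize` check wraps around if `size` is an unsigned type and smaller than `header_size`, in which case the comparison passes for almost any `tsize`. Nothing in the visible context shows that `size >= header_size` has been established before this point; if an earlier check guarantees it, a short comment here saying so would help, otherwise extend the condition to `size < header_size || tsize > size - header_size`.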
@@ -2251,7 +2251,7 @@ parse_id3v20 (const gchar          *data,
 
                csize = (size_t) extract_uint32_3byte (&data[pos + 3]);
 
-               if (pos + frame_size + csize > size) {
+               if (csize > size - pos - frame_size) {
                        g_debug ("[v20] Size of current frame '%s' (%" G_GSIZE_FORMAT ") "
                                 "exceeds file boundaries (%" G_GSIZE_FORMAT "), "
                                 "not processing any more frames",
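Review bot: `size - pos - frame_size` in the `csize` check is only safe while `pos + frame_size <= size`; if that does not hold, the subtraction wraps (assuming these are unsigned, as the `(size_t)` cast on `csize` suggests) and an oversized `csize` is accepted. The read of `&data[pos + 3]` just above already depends on the same invariant, so it is worth confirming that the loop condition enforces it and recording that in a comment next to this check.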

