Harden wav, flac, and aifc parsing

reject unsupported compressed WAV formats and validate extensible
sub-formats to avoid incorrect duration/bitrate reporting

add RF64 support by honoring ds64/data sentinel sizes and using
unsigned chunk-size handling for safer bounds checks

reject reserved FLAC metadata block type 127 and estimate bitrate
from encoded audio bytes after metadata instead of total file size

validate AIFC COMM compression type and accept only NONE/sowt for
decode-safe probing

add regression tests for WAV, FLAC, and AIFF parser edge cases and
expand CI to run Maven verify on Java 17 and 21

Author: TamKungZ

.github/workflows/ci.yml

@@ -9,19 +9,23 @@ on:
 
 jobs:
   build:
+    strategy:
+      fail-fast: false
+      matrix:
+        java: ['17', '21']
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up JDK 17
+      - name: Set up JDK ${{ matrix.java }}
         uses: actions/setup-java@v4
         with:
           distribution: temurin
-          java-version: '17'
+          java-version: ${{ matrix.java }}
           cache: maven
 
-      - name: Build and test with Maven
-        run: mvn -B clean test
+      - name: Build and verify
+        run: mvn -B clean verify
 

.github/workflows/deep-tests.yml

@@ -0,0 +1,53 @@
+name: Deep Tests
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  workflow_dispatch:
+
+jobs:
+  deep-tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        java: ['17', '21']
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: ${{ matrix.java }}
+          cache: maven
+
+      - name: Compile and package gate
+        run: mvn -B -DskipTests clean package
+
+      - name: Full project test suite
+        run: mvn -B test
+
+      - name: Facade and integration-style tests
+        run: |
+          mvn -B -Dtest=CodecMediaFacadeTest test
+          mvn -B -Dtest=CodecMediaRoundTripConversionTest test
+          mvn -B -Dtest=CodecMediaPlayTest test
+
+      - name: Audio parser unit tests
+        run: |
+          mvn -B -Dtest=Mp3ParserTest test
+          mvn -B -Dtest=OggParserTest test
+          mvn -B -Dtest=WavParserTest test
+          mvn -B -Dtest=FlacParserTest test
+          mvn -B -Dtest=AiffParserTest test
+
+      - name: IO unit tests
+        run: mvn -B -Dtest=ByteArrayReaderTest test
+
+      - name: Usage example smoke test
+        run: mvn -B -Dtest=CodecMediaUsageExample test

CHANGELOG.md

@@ -14,14 +14,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Strengthened OGG logical-stream parsing in [`OggParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/ogg/OggParser.java) with per-stream page-sequence validation and serial-scoped metrics for multiplexed files.
 - Refined Vorbis bitrate-mode classification in [`OggParser.detectVorbisBitrateMode()`](src/main/java/me/tamkungz/codecmedia/internal/audio/ogg/OggParser.java) to infer from observed bitrate variation instead of coarse nominal/page-count heuristics.
 - Replaced broad OGG payload string scanning with structured Vorbis/Opus comment-header parsing in [`OggParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/ogg/OggParser.java), and fixed sequence tracking to use `long` to avoid overflow.
+- Updated [`WavParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/wav/WavParser.java) to read/validate `audioFormat` from `fmt ` and reject unsupported compressed WAV formats instead of silently computing incorrect duration.
+- Added RF64-aware WAV parsing in [`WavParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/wav/WavParser.java), including unsigned chunk-size handling and `data` size sentinel (`0xFFFFFFFF`) resolution via `ds64`.
+- Updated [`FlacParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/flac/FlacParser.java) to reject reserved metadata block type `127` per FLAC spec.
+- Updated [`FlacParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/flac/FlacParser.java) bitrate estimation to use encoded audio payload region after metadata blocks (instead of whole file bytes), reducing artwork/metadata inflation.
+- Updated [`AiffParser`](src/main/java/me/tamkungz/codecmedia/internal/audio/aiff/AiffParser.java) to validate AIFC `COMM` compression type and reject unsupported compressed variants.
 
 ### Added
 - Added MP3 parser regression tests for Xing-priority duration, trailing ID3v1 handling, and unsupported Layer I/II diagnostics in [`Mp3ParserTest`](src/test/java/me/tamkungz/codecmedia/internal/audio/mp3/Mp3ParserTest.java).
 - Added OGG parser tests for Vorbis CBR/VBR mode inference, broken page-sequence detection, and multiplexed-stream metric isolation in [`OggParserTest`](src/test/java/me/tamkungz/codecmedia/internal/audio/ogg/OggParserTest.java).
+- Added WAV parser tests for unsupported compressed format rejection and RF64 `ds64`/`data` sentinel handling in [`WavParserTest`](src/test/java/me/tamkungz/codecmedia/internal/audio/wav/WavParserTest.java).
+- Added FLAC parser tests for reserved block type rejection and metadata-heavy bitrate estimation behavior in [`FlacParserTest`](src/test/java/me/tamkungz/codecmedia/internal/audio/flac/FlacParserTest.java).
+- Added explicit decode-only intent comment in [`FlacCodec`](src/main/java/me/tamkungz/codecmedia/internal/audio/flac/FlacCodec.java).
+- Added AIFF parser tests for supported AIFC `NONE` and unsupported compression-type rejection in [`AiffParserTest`](src/test/java/me/tamkungz/codecmedia/internal/audio/aiff/AiffParserTest.java).
+- Added explicit decode-only intent comment in [`AiffCodec`](src/main/java/me/tamkungz/codecmedia/internal/audio/aiff/AiffCodec.java).
 
 ### Verified
 - Confirmed MP3 parser updates with `mvn -Dtest=Mp3ParserTest test`.
 - Confirmed OGG parser updates with `mvn -Dtest=OggParserTest test`.
+- Confirmed WAV parser updates with `mvn -Dtest=WavParserTest test`.
+- Confirmed FLAC parser updates with `mvn -Dtest=FlacParserTest test`.
+- Confirmed AIFF parser updates with `mvn -Dtest=AiffParserTest test`.
 
 ## [1.1.0] - 2026-03-13
 

src/main/java/me/tamkungz/codecmedia/internal/audio/aiff/AiffCodec.java

@@ -26,6 +26,9 @@ public static AiffProbeInfo decode(byte[] bytes, Path sourceRef) throws CodecMed
         return info;
     }
 
+    // Intentional: AIFF codec is currently decode/probe only in this library.
+    // No encode API is exposed until a deterministic AIFF encoder path is introduced.
+
     private static void validateDecodedProbe(AiffProbeInfo info, Path input) throws CodecMediaException {
         if (info.sampleRate() <= 0 || info.channels() <= 0 || info.bitrateKbps() <= 0) {
             throw new CodecMediaException("Decoded AIFF has invalid stream values: " + input);

src/main/java/me/tamkungz/codecmedia/internal/audio/aiff/AiffParser.java

@@ -5,6 +5,9 @@
 
 public final class AiffParser {
 
+    private static final String AIFC_COMPRESSION_NONE = "NONE";
+    private static final String AIFC_COMPRESSION_SOWT = "sowt";
+
     private AiffParser() {
     }
 
@@ -13,6 +16,7 @@ public static AiffProbeInfo parse(byte[] bytes) throws CodecMediaException {
             throw new CodecMediaException("Not an AIFF file");
         }
 
+        boolean aifc = bytes[11] == 'C';
         int offset = 12;
         Integer channels = null;
         Integer bitsPerSample = null;
@@ -39,6 +43,14 @@ public static AiffProbeInfo parse(byte[] bytes) throws CodecMediaException {
                 frameCount = readBeUInt32(bytes, chunkDataStart + 2);
                 bitsPerSample = readBeShort(bytes, chunkDataStart + 6);
                 sampleRate = decodeExtended80ToIntHz(bytes, chunkDataStart + 8);
+
+                if (aifc) {
+                    if (chunkSize < 22) {
+                        throw new CodecMediaException("AIFC COMM chunk missing compression type");
+                    }
+                    String compressionType = readAscii(bytes, chunkDataStart + 18, 4);
+                    validateAifcCompressionType(compressionType);
+                }
             }
 
             int padded = (chunkSize % 2 == 0) ? chunkSize : chunkSize + 1;
@@ -59,6 +71,13 @@ public static AiffProbeInfo parse(byte[] bytes) throws CodecMediaException {
         return new AiffProbeInfo(durationMillis, bitrateKbps, sampleRate, channels, BitrateMode.CBR);
     }
 
+    private static void validateAifcCompressionType(String compressionType) throws CodecMediaException {
+        if (AIFC_COMPRESSION_NONE.equals(compressionType) || AIFC_COMPRESSION_SOWT.equals(compressionType)) {
+            return;
+        }
+        throw new CodecMediaException("Unsupported AIFC compression type: " + compressionType);
+    }
+
     public static boolean isLikelyAiff(byte[] bytes) {
         return bytes != null
                 && bytes.length >= 12

src/main/java/me/tamkungz/codecmedia/internal/audio/flac/FlacCodec.java

@@ -26,6 +26,9 @@ public static FlacProbeInfo decode(byte[] bytes, Path sourceRef) throws CodecMed
         return info;
     }
 
+    // Intentional: FLAC codec is currently decode/probe only in this library.
+    // No encode API is exposed until a deterministic FLAC encoder path is introduced.
+
     private static void validateDecodedProbe(FlacProbeInfo info, Path input) throws CodecMediaException {
         if (info.sampleRate() <= 0 || info.channels() <= 0 || info.bitsPerSample() <= 0) {
             throw new CodecMediaException("Decoded FLAC has invalid stream values: " + input);

src/main/java/me/tamkungz/codecmedia/internal/audio/flac/FlacParser.java

@@ -19,17 +19,21 @@ public static FlacProbeInfo parse(byte[] bytes) throws CodecMediaException {
         int channels = 0;
         int bitsPerSample = 0;
         long totalSamples = 0;
+        int audioStartOffset = -1;
 
         while (offset + 4 <= bytes.length) {
             int header = bytes[offset] & 0xFF;
             boolean last = (header & 0x80) != 0;
             int blockType = header & 0x7F;
+            if (blockType == 0x7F) {
+                throw new CodecMediaException("Invalid FLAC metadata block type: 127 is reserved");
+            }
             int length = ((bytes[offset + 1] & 0xFF) << 16)
                     | ((bytes[offset + 2] & 0xFF) << 8)
                     | (bytes[offset + 3] & 0xFF);
             offset += 4;
 
-            if (length < 0 || offset + length > bytes.length) {
+            if (offset + length > bytes.length) {
                 throw new CodecMediaException("Invalid FLAC metadata block length");
             }
 
@@ -47,6 +51,7 @@ public static FlacProbeInfo parse(byte[] bytes) throws CodecMediaException {
 
             offset += length;
             if (last) {
+                audioStartOffset = offset;
                 break;
             }
         }
@@ -56,8 +61,11 @@ public static FlacProbeInfo parse(byte[] bytes) throws CodecMediaException {
         }
 
         long durationMillis = totalSamples > 0 ? (totalSamples * 1000L) / sampleRate : 0;
+        long encodedAudioBytes = (audioStartOffset >= 0 && audioStartOffset <= bytes.length)
+                ? (bytes.length - (long) audioStartOffset)
+                : 0;
         int avgBitrateKbps = durationMillis > 0
-                ? (int) ((((long) bytes.length * 8L) * 1000L) / durationMillis / 1000L)
+                ? (int) ((encodedAudioBytes * 8L * 1000L) / durationMillis / 1000L)
                 : 0;
         int pcmEquivalentKbps = (int) (((long) sampleRate * channels * bitsPerSample) / 1000L);
         int bitrateKbps = avgBitrateKbps > 0 ? avgBitrateKbps : pcmEquivalentKbps;