SND002 is unreachable

[wunused]

The SND002 vulnerability condition appears to be unreachable due to a similar check preceding the vulnerable condition. In the original libsndfile source code (commit 86c9f9eb7022d186ad4d0689487e7d4f04ce2b29) with the SND002 patch applied:

src/sd2.c

static int
sd2_parse_rsrc_fork (SF_PRIVATE *psf)
{	<snip>

	if (rsrc.map_offset + 28 >= rsrc.rsrc_len)
	{	psf_log_printf (psf, "Bad map offset (%d + 28 > %d).\n", rsrc.map_offset, rsrc.rsrc_len) ;
		error = SFE_SD2_BAD_RSRC ;
		goto parse_rsrc_fork_cleanup ;
		} ;

	rsrc.string_offset = rsrc.map_offset + read_rsrc_short (&rsrc, rsrc.map_offset + 26) ;
	if (rsrc.string_offset > rsrc.rsrc_len)
	{	psf_log_printf (psf, "Bad string offset (%d).\n", rsrc.string_offset) ;
		error = SFE_SD2_BAD_RSRC ;
		goto parse_rsrc_fork_cleanup ;
		} ;

	rsrc.type_offset = rsrc.map_offset + 30 ;

#ifdef MAGMA_ENABLE_FIXES
	if (rsrc.map_offset + 28 > rsrc.rsrc_len)
	{	psf_log_printf (psf, "Bad map offset.\n") ;
		goto parse_rsrc_fork_cleanup ;
		} ;
#endif
#ifdef MAGMA_ENABLE_CANARIES
    MAGMA_LOG("%MAGMA_BUG%", rsrc.map_offset + 28 > rsrc.rsrc_len);
#endif

    <snip>

The vulnerable condition is rsrc.map_offset + 28 > rsrc.rsrc_len, but the first error check listed above is if (rsrc.map_offset + 28 >= rsrc.rsrc_len). Therefore, the vulnerable condition cannot be met following this check.

Does this analysis seem correct?