siren: fix a global buffer overflow spotted by asan
author Fabrice Bellet <fabrice@bellet.info>
Mon, 22 Jul 2019 08:00:00 +0000 (08:00 +0000)
committer Tim-Philipp Müller <tim@centricular.com>
Sun, 11 Aug 2019 18:27:59 +0000 (19:27 +0100)
This patch just enforces boundaries for the access to the
standard_deviation array (64 floats). Such a case can be
seen with a corrupted stream, where there's no hope to
obtain a valid decoded frame anyway.

https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/1002

gst/siren/huffman.c

index 432656e..f856e28 100644 (file)
@@ -153,6 +153,10 @@ decode_envelope (int number_of_regions, float *decoder_standard_deviation,
 
     absolute_region_power_index[i] =
         absolute_region_power_index[i - 1] - index - 12;
+    if (absolute_region_power_index[i] < -24)
+      absolute_region_power_index[i] = -24;
+    else if (absolute_region_power_index[i] > 39)
+      absolute_region_power_index[i] = 39;
     decoder_standard_deviation[i] =
         standard_deviation[absolute_region_power_index[i] + 24];
   }
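
Review bot: the bounds -24 and 39 in the added clamp are magic numbers that are only correct in combination with the `+ 24` offset in the `standard_deviation[...]` lookup below and the 64-entry table size stated in the commit message; deriving them from the array size, or giving them named constants, would keep the check from drifting if the table ever changes. Clamping also lets decoding continue silently on input the commit message describes as having no hope of producing a valid frame, so returning an error from decode_envelope at this point, or at least logging the out-of-range value, would make the corruption visible to the caller. Finally, these lines only bound values derived from `absolute_region_power_index[i - 1]`; the first element is set outside the visible hunk, so it is worth confirming that it is range-checked before its own table lookup.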