From: Fabrice Bellet <fabrice@bellet.info>
Date: Mon, 22 Jul 2019 08:00:00 +0000 (+0000)
Subject: siren: fix a global buffer overflow spotted by asan
X-Git-Tag: 1.16.2~53
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9613fe15fb7bb81902d634fd010ac8cb28ae82f7;p=platform%2Fupstream%2Fgst-plugins-bad.git

siren: fix a global buffer overflow spotted by asan

This patch just enforces boudaries for the access to the
standard_deviation array (64 floats). Such case can be
seen with a corrupted stream, where there's no hope to
obtain a valid decoded frame anyway.

https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/1002
---

diff --git a/gst/siren/huffman.c b/gst/siren/huffman.c
index 432656e3c..f856e28b6 100644
--- a/gst/siren/huffman.c
+++ b/gst/siren/huffman.c
@@ -153,6 +153,10 @@ decode_envelope (int number_of_regions, float *decoder_standard_deviation,
 
     absolute_region_power_index[i] =
         absolute_region_power_index[i - 1] - index - 12;
+    if (absolute_region_power_index[i] < -24)
+      absolute_region_power_index[i] = -24;
+    else if (absolute_region_power_index[i] > 39)
+      absolute_region_power_index[i] = 39;
     decoder_standard_deviation[i] =
         standard_deviation[absolute_region_power_index[i] + 24];
   }