siren: fix a global buffer overflow spotted by asan

This patch just enforces boudaries for the access to the standard_deviation array (64 floats). Such case can be seen with a corrupted stream, where there's no hope to obtain a valid decoded frame anyway. https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/1002
author: Fabrice Bellet <fabrice@bellet.info> 2019-07-22 08:00:00 +0000
committer: Sebastian Dröge <slomo@coaxion.net> 2019-07-22 08:00:00 +0000
commit: 96004cd75111f742089b5f9554d20d18f9e83444 (patch)
tree: bac6ecb7f51a3081b80382cc18f9ce32f4dc6b1f /gst/siren
parent: 7de6b5d48161cb4982efe7fd04c8be408ca85424 (diff)
download: gstreamer-plugins-bad-96004cd75111f742089b5f9554d20d18f9e83444.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/gst/siren/huffman.c b/gst/siren/huffman.c
index 432656e3c..f856e28b6 100644
--- a/gst/siren/huffman.c
+++ b/gst/siren/huffman.c
@@ -153,6 +153,10 @@ decode_envelope (int number_of_regions, float *decoder_standard_deviation,
 
     absolute_region_power_index[i] =
         absolute_region_power_index[i - 1] - index - 12;
+    if (absolute_region_power_index[i] < -24)
+      absolute_region_power_index[i] = -24;
+    else if (absolute_region_power_index[i] > 39)
+      absolute_region_power_index[i] = 39;
     decoder_standard_deviation[i] =
         standard_deviation[absolute_region_power_index[i] + 24];
   }
author	Fabrice Bellet <fabrice@bellet.info>	2019-07-22 08:00:00 +0000
committer	Sebastian Dröge <slomo@coaxion.net>	2019-07-22 08:00:00 +0000
commit	96004cd75111f742089b5f9554d20d18f9e83444 (patch)
tree	bac6ecb7f51a3081b80382cc18f9ce32f4dc6b1f /gst/siren
parent	7de6b5d48161cb4982efe7fd04c8be408ca85424 (diff)
download	gstreamer-plugins-bad-96004cd75111f742089b5f9554d20d18f9e83444.tar.gz