author | Fabrice Bellet <fabrice@bellet.info> | 2019-07-22 08:00:00 +0000 |
---|---|---|
committer | Sebastian Dröge <slomo@coaxion.net> | 2019-07-22 08:00:00 +0000 |
commit | 96004cd75111f742089b5f9554d20d18f9e83444 (patch) | |
tree | bac6ecb7f51a3081b80382cc18f9ce32f4dc6b1f /gst/siren | |
parent | 7de6b5d48161cb4982efe7fd04c8be408ca85424 (diff) | |
download | gstreamer-plugins-bad-96004cd75111f742089b5f9554d20d18f9e83444.tar.gz |
siren: fix a global buffer overflow spotted by asan
This patch just enforces boundaries for the access to the
standard_deviation array (64 floats). Such case can be
seen with a corrupted stream, where there's no hope to
obtain a valid decoded frame anyway.
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/1002
Diffstat (limited to 'gst/siren')
-rw-r--r-- | gst/siren/huffman.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/gst/siren/huffman.c b/gst/siren/huffman.c index 432656e3c..f856e28b6 100644 --- a/gst/siren/huffman.c +++ b/gst/siren/huffman.c @@ -153,6 +153,10 @@ decode_envelope (int number_of_regions, float *decoder_standard_deviation, absolute_region_power_index[i] = absolute_region_power_index[i - 1] - index - 12; + if (absolute_region_power_index[i] < -24) + absolute_region_power_index[i] = -24; + else if (absolute_region_power_index[i] > 39) + absolute_region_power_index[i] = 39; decoder_standard_deviation[i] = standard_deviation[absolute_region_power_index[i] + 24]; } |
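Review bot: The bounds -24 and 39 in the added clamp are bare literals that only make sense next to the `+ 24` offset on the following line and the 64-float size of standard_deviation given in the commit message (39 + 24 = 63); naming them or deriving them from the array size would keep the check from drifting if the table ever changes. The clamp also applies only to the value computed from absolute_region_power_index[i - 1] in this statement. The hunk does not show how the first entry is set, so it is worth confirming that it is bounded the same way before it is used as an index into standard_deviation. Since the commit message says a corrupted stream cannot produce a valid frame anyway, reporting an error to the caller when the index leaves the range, if the callers of decode_envelope can handle one, may be preferable to silently clamping and continuing to decode.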