shithub: aubio

Download patch

ref: ec3f25f95dc2d41befcb3d2a648616ee57630ab1
parent: f5a97edfd0b985796c8c34f047abe02b70708f59
author: Paul Brossier <piem@piem.org>
date: Thu Dec 20 13:19:22 EST 2018 

[source_wavread] validate input sizes to prevent invalid reads


--- a/src/io/source_wavread.c
+++ b/src/io/source_wavread.c
@@ -24,6 +24,7 @@
 
 #include "fvec.h"
 #include "fmat.h"
+#include "ioutils.h"
 #include "source_wavread.h"
 
 #include <errno.h>
@@ -347,13 +348,15 @@
   uint_t i, j;
   uint_t end = 0;
   uint_t total_wrote = 0;
+  uint_t length = aubio_source_validate_input_length("source_wavread", s->path,
+      s->hop_size, read_data->length);
   if (s->fid == NULL) {
     AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
         s->path);
     return;
   }
-  while (total_wrote < s->hop_size) {
-    end = MIN(s->read_samples - s->read_index, s->hop_size - total_wrote);
+  while (total_wrote < length) {
+    end = MIN(s->read_samples - s->read_index, length - total_wrote);
     for (i = 0; i < end; i++) {
       read_data->data[i + total_wrote] = 0;
       for (j = 0; j < s->input_channels; j++ ) {
@@ -362,7 +365,7 @@
       read_data->data[i + total_wrote] /= (smpl_t)(s->input_channels);
     }
     total_wrote += end;
-    if (total_wrote < s->hop_size) {
+    if (total_wrote < length) {
       uint_t wavread_read = 0;
       aubio_source_wavread_readframe(s, &wavread_read);
       s->read_samples = wavread_read;
@@ -374,8 +377,8 @@
       s->read_index += end;
     }
   }
-  if (total_wrote < s->hop_size) {
-    for (i = end; i < s->hop_size; i++) {
+  if (total_wrote < length) {
+    for (i = end; i < length; i++) {
       read_data->data[i] = 0.;
     }
   }
@@ -386,20 +389,24 @@
   uint_t i,j;
   uint_t end = 0;
   uint_t total_wrote = 0;
+  uint_t length = aubio_source_validate_input_length("source_wavread", s->path,
+      s->hop_size, read_data->length);
+  uint_t channels = aubio_source_validate_input_channels("source_wavread",
+      s->path, s->input_channels, read_data->height);
   if (s->fid == NULL) {
     AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
         s->path);
     return;
   }
-  while (total_wrote < s->hop_size) {
-    end = MIN(s->read_samples - s->read_index, s->hop_size - total_wrote);
-    for (j = 0; j < read_data->height; j++) {
+  while (total_wrote < length) {
+    end = MIN(s->read_samples - s->read_index, length - total_wrote);
+    for (j = 0; j < channels; j++) {
       for (i = 0; i < end; i++) {
         read_data->data[j][i + total_wrote] = s->output->data[j][i];
       }
     }
     total_wrote += end;
-    if (total_wrote < s->hop_size) {
+    if (total_wrote < length) {
       uint_t wavread_read = 0;
       aubio_source_wavread_readframe(s, &wavread_read);
       s->read_samples = wavread_read;
@@ -411,9 +418,9 @@
       s->read_index += end;
     }
   }
-  if (total_wrote < s->hop_size) {
+  if (total_wrote < length) {
     for (j = 0; j < read_data->height; j++) {
-      for (i = end; i < s->hop_size; i++) {
+      for (i = end; i < length; i++) {
         read_data->data[j][i] = 0.;
       }
     }