From 2f56a0d5e2f6c743e95817bc642df779d9ac1029 Mon Sep 17 00:00:00 2001 From: Tristan Matthews <tristan.matthews@savoirfairelinux.com> Date: Thu, 10 Jul 2014 01:55:17 -0400 Subject: [PATCH] audiortp: prevent out of bounds read Add zero padding to pcm buffers (if needed) before encoding them to avoid out of bounds memory access. Refs #49181 Change-Id: I804aef3e1acf08301dde388780f4502e51bf57f2 --- daemon/src/audio/audiortp/audio_rtp_stream.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/daemon/src/audio/audiortp/audio_rtp_stream.cpp b/daemon/src/audio/audiortp/audio_rtp_stream.cpp index f79b0d7cb5..00e8c17708 100644 --- a/daemon/src/audio/audiortp/audio_rtp_stream.cpp +++ b/daemon/src/audio/audiortp/audio_rtp_stream.cpp @@ -343,6 +343,16 @@ size_t AudioRtpStream::processDataEncode() ERROR("Audio codec already destroyed"); return 0; } + + const auto frameSize = out->frames(); + const auto codecFrameSize = codec->getFrameSize(); + if (codecFrameSize > frameSize) { + // PCM too small (underflow), add zero padding to avoid reading past + // end of buffer when encoding, for every channel + for (auto &c : out->getData()) + c.resize(codecFrameSize, 0); + } + size_t encoded = codec->encode(out->getData(), encodedData_.data(), encodedData_.size()); return encoded; } -- GitLab