From 2f56a0d5e2f6c743e95817bc642df779d9ac1029 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tristan.matthews@savoirfairelinux.com>
Date: Thu, 10 Jul 2014 01:55:17 -0400
Subject: [PATCH] audiortp: prevent out of bounds read

Add zero padding to pcm buffers (if needed) before encoding them to avoid
out of bounds memory access.

Refs #49181

Change-Id: I804aef3e1acf08301dde388780f4502e51bf57f2
---
 daemon/src/audio/audiortp/audio_rtp_stream.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/daemon/src/audio/audiortp/audio_rtp_stream.cpp b/daemon/src/audio/audiortp/audio_rtp_stream.cpp
index f79b0d7cb5..00e8c17708 100644
--- a/daemon/src/audio/audiortp/audio_rtp_stream.cpp
+++ b/daemon/src/audio/audiortp/audio_rtp_stream.cpp
@@ -343,6 +343,16 @@ size_t AudioRtpStream::processDataEncode()
             ERROR("Audio codec already destroyed");
             return 0;
         }
+
+        const auto frameSize = out->frames();
+        const auto codecFrameSize = codec->getFrameSize();
+        if (codecFrameSize > frameSize) {
+            // PCM too small (underflow), add zero padding to avoid reading past
+            // end of buffer when encoding, for every channel
+            for (auto &c : out->getData())
+                c.resize(codecFrameSize, 0);
+        }
+
         size_t encoded = codec->encode(out->getData(), encodedData_.data(), encodedData_.size());
         return encoded;
     }
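Review bot: The new bounds guard trusts `out->frames()` as the length of every channel, so a channel vector shorter than `codecFrameSize` would still reach `codec->encode()` unpadded whenever `frames()` reports a larger value. Checking each channel's own size removes that assumption and still never truncates: `for (auto &c : out->getData()) if (c.size() < codecFrameSize) c.resize(codecFrameSize, 0);`. The hunk also does not show whether resizing through `getData()` updates the buffer's own frame count, so a later `frames()` call may still report the pre-padding length; that is worth confirming against the buffer class. Since `frameSize` and `codecFrameSize` are both `auto`, it would help to confirm the two getters return the same unsigned type so the comparison cannot go wrong on a signed/unsigned mix. The body of `processDataEncode()` starts above the hunk.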
-- 
GitLab