[source_wavread] validate input sizes to prevent invalid reads

author Paul Brossier <piem@piem.org>

Thu, 20 Dec 2018 17:19:22 +0000 (18:19 +0100)

committer Paul Brossier <piem@piem.org>

Thu, 20 Dec 2018 17:19:22 +0000 (18:19 +0100)
author Paul Brossier <piem@piem.org>
Thu, 20 Dec 2018 17:19:22 +0000 (18:19 +0100)
committer Paul Brossier <piem@piem.org>
Thu, 20 Dec 2018 17:19:22 +0000 (18:19 +0100)
diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c

index deec960..b893619 100644 (file)
--- a/src/io/source_wavread.c
+++ b/src/io/source_wavread.c
@@ -24,6 +24,7 @@
  
  #include "fvec.h"
  #include "fmat.h"
  
  #include "fvec.h"
  #include "fmat.h"
+#include "ioutils.h"
  #include "source_wavread.h"
  
  #include <errno.h>
  #include "source_wavread.h"
  
  #include <errno.h>
@@ -347,13 +348,15 @@ void aubio_source_wavread_do(aubio_source_wavread_t * s, fvec_t * read_data, uin
    uint_t i, j;
    uint_t end = 0;
    uint_t total_wrote = 0;
    uint_t i, j;
    uint_t end = 0;
    uint_t total_wrote = 0;
+  uint_t length = aubio_source_validate_input_length("source_wavread", s->path,
+      s->hop_size, read_data->length);
    if (s->fid == NULL) {
      AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
          s->path);
      return;
    }
    if (s->fid == NULL) {
      AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
          s->path);
      return;
    }
-  while (total_wrote < s->hop_size) {
-    end = MIN(s->read_samples - s->read_index, s->hop_size - total_wrote);
+  while (total_wrote < length) {
+    end = MIN(s->read_samples - s->read_index, length - total_wrote);
      for (i = 0; i < end; i++) {
        read_data->data[i + total_wrote] = 0;
        for (j = 0; j < s->input_channels; j++ ) {
      for (i = 0; i < end; i++) {
        read_data->data[i + total_wrote] = 0;
        for (j = 0; j < s->input_channels; j++ ) {
@@ -362,7 +365,7 @@ void aubio_source_wavread_do(aubio_source_wavread_t * s, fvec_t * read_data, uin
        read_data->data[i + total_wrote] /= (smpl_t)(s->input_channels);
      }
      total_wrote += end;
        read_data->data[i + total_wrote] /= (smpl_t)(s->input_channels);
      }
      total_wrote += end;
-    if (total_wrote < s->hop_size) {
+    if (total_wrote < length) {
        uint_t wavread_read = 0;
        aubio_source_wavread_readframe(s, &wavread_read);
        s->read_samples = wavread_read;
        uint_t wavread_read = 0;
        aubio_source_wavread_readframe(s, &wavread_read);
        s->read_samples = wavread_read;
@@ -374,8 +377,8 @@ void aubio_source_wavread_do(aubio_source_wavread_t * s, fvec_t * read_data, uin
        s->read_index += end;
      }
    }
        s->read_index += end;
      }
    }
-  if (total_wrote < s->hop_size) {
-    for (i = end; i < s->hop_size; i++) {
+  if (total_wrote < length) {
+    for (i = end; i < length; i++) {
        read_data->data[i] = 0.;
      }
    }
        read_data->data[i] = 0.;
      }
    }
@@ -386,20 +389,24 @@ void aubio_source_wavread_do_multi(aubio_source_wavread_t * s, fmat_t * read_dat
    uint_t i,j;
    uint_t end = 0;
    uint_t total_wrote = 0;
    uint_t i,j;
    uint_t end = 0;
    uint_t total_wrote = 0;
+  uint_t length = aubio_source_validate_input_length("source_wavread", s->path,
+      s->hop_size, read_data->length);
+  uint_t channels = aubio_source_validate_input_channels("source_wavread",
+      s->path, s->input_channels, read_data->height);
    if (s->fid == NULL) {
      AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
          s->path);
      return;
    }
    if (s->fid == NULL) {
      AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
          s->path);
      return;
    }
-  while (total_wrote < s->hop_size) {
-    end = MIN(s->read_samples - s->read_index, s->hop_size - total_wrote);
-    for (j = 0; j < read_data->height; j++) {
+  while (total_wrote < length) {
+    end = MIN(s->read_samples - s->read_index, length - total_wrote);
+    for (j = 0; j < channels; j++) {
        for (i = 0; i < end; i++) {
          read_data->data[j][i + total_wrote] = s->output->data[j][i];
        }
      }
      total_wrote += end;
        for (i = 0; i < end; i++) {
          read_data->data[j][i + total_wrote] = s->output->data[j][i];
        }
      }
      total_wrote += end;
-    if (total_wrote < s->hop_size) {
+    if (total_wrote < length) {
        uint_t wavread_read = 0;
        aubio_source_wavread_readframe(s, &wavread_read);
        s->read_samples = wavread_read;
        uint_t wavread_read = 0;
        aubio_source_wavread_readframe(s, &wavread_read);
        s->read_samples = wavread_read;
@@ -411,9 +418,9 @@ void aubio_source_wavread_do_multi(aubio_source_wavread_t * s, fmat_t * read_dat
        s->read_index += end;
      }
    }
        s->read_index += end;
      }
    }
-  if (total_wrote < s->hop_size) {
+  if (total_wrote < length) {
      for (j = 0; j < read_data->height; j++) {
      for (j = 0; j < read_data->height; j++) {
-      for (i = end; i < s->hop_size; i++) {
+      for (i = end; i < length; i++) {
          read_data->data[j][i] = 0.;
        }
      }
          read_data->data[j][i] = 0.;
        }
      }
author	Paul Brossier <piem@piem.org>
	Thu, 20 Dec 2018 17:19:22 +0000 (18:19 +0100)
committer	Paul Brossier <piem@piem.org>
	Thu, 20 Dec 2018 17:19:22 +0000 (18:19 +0100)