From ec3f25f95dc2d41befcb3d2a648616ee57630ab1 Mon Sep 17 00:00:00 2001
From: Paul Brossier
Date: Thu, 20 Dec 2018 18:19:22 +0100
Subject: [PATCH 1/1] [source_wavread] validate input sizes to prevent invalid reads
---
 src/io/source_wavread.c | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/src/io/source_wavread.c b/src/io/source_wavread.c
index deec9604..b893619b 100644
--- a/src/io/source_wavread.c
+++ b/src/io/source_wavread.c
@@ -24,6 +24,7 @@
 #include "fvec.h"
 #include "fmat.h"
+#include "ioutils.h"
 #include "source_wavread.h"
 #include
@@ -347,13 +348,15 @@ void aubio_source_wavread_do(aubio_source_wavread_t * s, fvec_t * read_data, uin
 uint_t i, j;
 uint_t end = 0;
 uint_t total_wrote = 0;
+ uint_t length = aubio_source_validate_input_length("source_wavread", s->path,
+ s->hop_size, read_data->length);
 if (s->fid == NULL) {
 AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
 s->path);
 return;
 }
- while (total_wrote < s->hop_size) {
- end = MIN(s->read_samples - s->read_index, s->hop_size - total_wrote);
+ while (total_wrote < length) {
+ end = MIN(s->read_samples - s->read_index, length - total_wrote);
 for (i = 0; i < end; i++) {
 read_data->data[i + total_wrote] = 0;
 for (j = 0; j < s->input_channels; j++ ) {
@@ -362,7 +365,7 @@ void aubio_source_wavread_do(aubio_source_wavread_t * s, fvec_t * read_data, uin
 read_data->data[i + total_wrote] /= (smpl_t)(s->input_channels);
 }
 total_wrote += end;
- if (total_wrote < s->hop_size) {
+ if (total_wrote < length) {
 uint_t wavread_read = 0;
 aubio_source_wavread_readframe(s, &wavread_read);
 s->read_samples = wavread_read;
@@ -374,8 +377,8 @@ void aubio_source_wavread_do(aubio_source_wavread_t * s, fvec_t * read_data, uin
 s->read_index += end;
 }
 }
- if (total_wrote < s->hop_size) {
- for (i = end; i < s->hop_size; i++) {
+ if (total_wrote < length) {
+ for (i = end; i < length; i++) {
 read_data->data[i] = 0.;
 }
 }
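Review bot: Frames past `length` are left untouched in `aubio_source_wavread_do` when the caller's `read_data` is longer than `s->hop_size`, so the tail of the output keeps whatever the buffer held before the call. This assumes `aubio_source_validate_input_length` returns the smaller of the two sizes, which its definition outside this diff would confirm. Clearing the remainder after the padding block, `for (i = length; i < read_data->length; i++) read_data->data[i] = 0.;`, keeps stale samples from reaching downstream processing; the `length` clamp in the `do_multi` hunk (@@ -386) has the same gap. The function body continues outside this hunk.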
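Review bot: The zero-fill at the end of `aubio_source_wavread_do` still starts at `end`, the size of the last chunk copied, rather than at `total_wrote`. When more than one chunk was copied before the source ran short, the samples between `end` and `total_wrote` would be overwritten with zeros; the loop exit that leads here lies between the hunks, so this is inferred from the visible counters. Starting the loop at the running total fixes it: `for (i = total_wrote; i < length; i++) {`. The padding loop in the `do_multi` hunk (@@ -411) has the same start index.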
@@ -386,20 +389,24 @@ void aubio_source_wavread_do_multi(aubio_source_wavread_t * s, fmat_t * read_dat
 uint_t i,j;
 uint_t end = 0;
 uint_t total_wrote = 0;
+ uint_t length = aubio_source_validate_input_length("source_wavread", s->path,
+ s->hop_size, read_data->length);
+ uint_t channels = aubio_source_validate_input_channels("source_wavread",
+ s->path, s->input_channels, read_data->height);
 if (s->fid == NULL) {
 AUBIO_ERR("source_wavread: could not read from %s (file not opened)\n",
 s->path);
 return;
 }
- while (total_wrote < s->hop_size) {
- end = MIN(s->read_samples - s->read_index, s->hop_size - total_wrote);
- for (j = 0; j < read_data->height; j++) {
+ while (total_wrote < length) {
+ end = MIN(s->read_samples - s->read_index, length - total_wrote);
+ for (j = 0; j < channels; j++) {
 for (i = 0; i < end; i++) {
 read_data->data[j][i + total_wrote] = s->output->data[j][i];
 }
 }
 total_wrote += end;
- if (total_wrote < s->hop_size) {
+ if (total_wrote < length) {
 uint_t wavread_read = 0;
 aubio_source_wavread_readframe(s, &wavread_read);
 s->read_samples = wavread_read;
@@ -411,9 +418,9 @@ void aubio_source_wavread_do_multi(aubio_source_wavread_t * s, fmat_t * read_dat
 s->read_index += end;
 }
 }
- if (total_wrote < s->hop_size) {
+ if (total_wrote < length) {
 for (j = 0; j < read_data->height; j++) {
- for (i = end; i < s->hop_size; i++) {
+ for (i = end; i < length; i++) {
 read_data->data[j][i] = 0.;
 }
 }
--
2.11.0
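Review bot: The copy loop is now bounded by `channels`, but when `read_data->height` exceeds that value the extra rows receive no samples, and only the end-of-file padding in the @@ -411 hunk (which still walks `read_data->height`) ever writes to them. A caller passing a taller matrix would read stale contents from those rows on every normal call. Zeroing rows `channels` to `read_data->height - 1` after the copy, or stating in a comment above the `channels` declaration that extra rows are left as they were, would make the contract explicit. This assumes `aubio_source_validate_input_channels` returns the smaller of its two counts; its definition is not part of this diff.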