Fix potential out-of-bounds writes on invalid opus files

The third parameter of the `op_read` function specifies the remaining size of the buffer, but we always passed the total size of the buffer without respecting the position at which the data is written into the buffer.
Robert Müller 2024-04-25 20:21:04 +02:00
parent 4d37775c17
commit 51012bcc1b

@ -358,7 +358,7 @@ bool CSound::DecodeOpus(CSample &Sample, const void *pData, unsigned DataSize) c
int Pos = 0;
while(Pos < NumSamples)
{
const int Read = op_read(pOpusFile, pSampleData + Pos * NumChannels, NumSamples * NumChannels, nullptr);
const int Read = op_read(pOpusFile, pSampleData + Pos * NumChannels, (NumSamples - Pos) * NumChannels, nullptr);
if(Read < 0)
{
free(pSampleData);
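Review bot: The corrected third argument on the op_read call, `(NumSamples - Pos) * NumChannels`, only bounds the write if the code after this hunk advances Pos by Read and leaves the loop when Read is 0; only the `Read < 0` branch is visible here, so please confirm that a zero return (end of stream before NumSamples is reached) breaks out instead of looping forever. A one-line comment on the call saying the argument is the remaining capacity of pSampleData in values, not the total buffer size, would help keep this from regressing, and a test that decodes an invalid opus file of the kind the commit message mentions would cover the fixed path.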