From f4a77308ec6a73ee8fdeb6212d3ae02ca68485a9 Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Mon, 6 May 2024 15:45:49 +0300 Subject: [PATCH] engine: soundlib: fix possible buffer overflow in Sound_ConvertUpsample --- engine/common/soundlib/snd_utils.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/engine/common/soundlib/snd_utils.c b/engine/common/soundlib/snd_utils.c index 73f7f0c2..0f65bbb0 100644 --- a/engine/common/soundlib/snd_utils.c +++ b/engine/common/soundlib/snd_utils.c @@ -272,13 +272,14 @@ static qboolean Sound_ConvertDownsample( wavdata_t *sc, int inwidth, int outwidt return false; } -static qboolean Sound_ConvertUpsample( wavdata_t *sc, int inwidth, int outwidth, int outcount, double stepscale ) +static qboolean Sound_ConvertUpsample( wavdata_t *sc, int inwidth, int outwidth, int outcount, int incount, double stepscale ) { - const int incount = ( outcount * stepscale ) - 1; size_t i; double j; double frac; + incount--; // to not go past last sample while interpolating + if( inwidth == 1 ) { int8_t *data = (int8_t *)sc->buffer; @@ -449,7 +450,7 @@ static qboolean Sound_ResampleInternal( wavdata_t *sc, int inrate, int inwidth, qboolean handled = false; double stepscale; double t1, t2; - int outcount; + int outcount, incount = sc->samples; if( inrate == outrate && inwidth == outwidth ) return false; @@ -496,7 +497,7 @@ static qboolean Sound_ResampleInternal( wavdata_t *sc, int inrate, int inwidth, else if( inrate > outrate ) // fast case, usually downsample but is also ok for upsampling handled = Sound_ConvertDownsample( sc, inwidth, outwidth, outcount, stepscale ); else // upsample case, w/ interpolation - handled = Sound_ConvertUpsample( sc, inwidth, outwidth, outcount, stepscale ); + handled = Sound_ConvertUpsample( sc, inwidth, outwidth, outcount, incount, stepscale ); t2 = Sys_DoubleTime();