MediaArea / MediaInfoLib

Convenient unified display of the most relevant technical and tag data for video and audio files.
https://mediaarea.net/MediaInfo
BSD 2-Clause "Simplified" License

Fix out-of-bounds array read in File_Aac_Main #2117

Closed cjee21 closed 1 month ago

cjee21 commented 1 month ago

As mentioned in https://github.com/MediaArea/MediaInfoLib/issues/2105#issuecomment-2381399096, this is one of the issues found with Visual Studio Code Analysis and also Cppcheck.

Visual Studio: Screenshot 2024-09-30 175112

Cppcheck:

Id: arrayIndexOutOfBoundsCond
CWE: 788
Either the condition 'OutputChannels[i]>Aac_OutputChannelPosition_Size' is redundant or the array 'Aac_ChannelMode[43]' is accessed at index 43, which is out of bounds.

https://github.com/MediaArea/MediaInfoLib/blob/00d96580cfaff7f189af13d6ec6cf8f7d8b3a72d/Source/MediaInfo/Audio/File_Aac_Main.cpp#L498-L501

The issue is that Aac_OutputChannelPosition_Size is 43 and Aac_ChannelMode has 43 elements. Since an array starts with 0, the max we can access in Aac_ChannelMode is 42. So we change >Aac_OutputChannelPosition_Size to >=Aac_OutputChannelPosition_Size to prevent accessing Aac_ChannelMode[43].
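The boundary described above, as an added example that is not MediaInfoLib's code: it compares the `>` guard with the `>=` guard over a constructed 43-element table and reports which out-of-range indices each guard lets through. All names (`kTable`, `kSize`, `rejected_before`, `rejected_after`, `escaped_indices`, `lookup`) are hypothetical, and the 8-bit index width is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-in for the 43-element table; the contents are placeholders.
constexpr std::size_t kSize = 43;            // value the PR gives for the size constant
static const int kTable[kSize] = {};
static_assert(sizeof(kTable) / sizeof(kTable[0]) == kSize, "size constant out of sync");

// Guard as it was before the fix: only values greater than the size are rejected.
bool rejected_before(std::uint8_t v) { return v > kSize; }

// Guard after the fix: the size itself is rejected too.
bool rejected_after(std::uint8_t v) { return v >= kSize; }

// Sweep every 8-bit input (index width is an assumption) and collect the values
// a guard lets through although they are not valid indices. Nothing is
// dereferenced here, so the sweep itself has no undefined behaviour.
template <typename Guard>
std::vector<unsigned> escaped_indices(Guard rejected) {
    std::vector<unsigned> out;
    for (unsigned v = 0; v <= 0xFF; ++v)
        if (!rejected(static_cast<std::uint8_t>(v)) && v >= kSize)
            out.push_back(v);
    return out;
}

// Lookup with the bound taken from the array itself rather than a separate constant.
int lookup(std::uint8_t v) {
    if (v >= sizeof(kTable) / sizeof(kTable[0])) return -1;   // -1: no table entry
    return kTable[v];
}

int main() {
    for (unsigned v : escaped_indices(rejected_before))
        std::printf("before fix: index %u passes the guard\n", v);
    std::printf("after fix: %zu out-of-range indices pass\n",
                escaped_indices(rejected_after).size());
    return 0;
}
```

A sweep like this works as a regression test for any table lookup guarded by a size constant, since it fails as soon as the guard and the array length disagree.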

JeromeMartinez commented 1 month ago

Ouch... Good catch. We definitely need to run (again) the static analysis... Thank you for handling that.