Closed sseyod closed 3 years ago
Hi Chris,
I've found that the speex code is very prone to crashing, due to hidden signed/unsigned conversions. macOS/iOS/tvOS, using Clang.
For example:
```c
for (j = old_length - 2 + st->magic_samples[i]; j >= 0; j--) {
```
If old_length is 0, this leads to j becoming a seriously out of range value (because old_length is unsigned...)
Needs protecting with e.g. something like:
```c
if (old_length > 2) {
    for (j = old_length - 2 + st->magic_samples[i]; j >= 0; j--) {
```
HTH
Pete
Your suggestion of switching to libsamplerate has (naturally!) fixed this problem.
Thank you very much!
Closing this issue.
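An added example, not code from speex or from the posts above, of the wraparound reported in this issue and a countdown that cannot wrap. It assumes both operands of the start expression are 32-bit unsigned; the loop body (an upward shift inside one buffer) and the names `raw_start`, `intended_count` and `shift_up` are hypothetical, since the issue shows only the loop header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Start expression from the issue; both operands assumed 32-bit unsigned,
   so the result wraps modulo 2^32 instead of going negative. */
static uint32_t raw_start(uint32_t old_length, uint32_t magic)
{
    return old_length - 2u + magic;
}

/* Iterations the loop is meant to run (indices start..0), computed in
   64 bits so that neither the addition nor the subtraction can wrap. */
static uint64_t intended_count(uint32_t old_length, uint32_t magic)
{
    uint64_t total = (uint64_t)old_length + magic;
    return total >= 2 ? total - 1 : 0;
}

/* Hypothetical loop body: move buf[j] up by `magic` slots, highest index
   first. Returns elements moved, or -1 if the move would leave the buffer. */
static int64_t shift_up(float *buf, size_t cap, uint32_t old_length, uint32_t magic)
{
    uint64_t n = intended_count(old_length, magic);
    if (n + magic > cap)
        return -1;
    for (size_t j = (size_t)n; j-- > 0; )   /* unsigned-safe countdown */
        buf[j + magic] = buf[j];
    return (int64_t)n;
}

int main(void)
{
    float buf[8] = {1, 2, 3, 4, 0, 0, 0, 0};   /* constructed sample data */
    printf("raw start, old_length=0:  %lu\n", (unsigned long)raw_start(0, 0));
    printf("seen by a 64-bit counter: %lld\n", (long long)(int64_t)raw_start(0, 0));
    printf("intended iterations:      %llu\n", (unsigned long long)intended_count(0, 0));
    printf("shift_up(3, 2) moved:     %lld\n", (long long)shift_up(buf, 8, 3, 2));
    return 0;
}
```

Clang's `-Wsign-conversion` and `-Wsign-compare` flag this kind of mixed signed/unsigned expression at compile time.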