`plc_fillin` can overflow the input buffer

freeswitch / spandsp

SpanDSP is a low-level signal processing library that modulates and demodulates signals commonly used in telephony, such as the "noise" generated by a fax modem or DTMF touchpad.

Other

152 stars 120 forks source link

`plc_fillin` can overflow the input buffer #43

Open MathieuDuponchelle opened 2 years ago

MathieuDuponchelle commented 2 years ago

When calling plc_fillin with plc_state_t *s and s->missing_samples == 0, the function attempts to write pitch_overlap bytes to the input buffer, regardless of its length. This causes crashes in a GStreamer application using the spandsp plugin, because it might call plc_fillin with very small buffers (eg with my test case 2-byte long).

Can the documentation of plc_fillin be updated to specify the minimum size of its input buffers, or even better the function be fixed to support any-sized buffers?

Thanks!

andywolk commented 2 years ago

Hi @MathieuDuponchelle Can you fix that and make a PR?

MathieuDuponchelle commented 2 years ago

Hey @andywolk , I wish, but I'm completely unfamiliar with the code base. Perhaps if you guide me through the correct solution I can propose something, but that will probably not be very efficient :)

coppice-git commented 1 year ago

That problem should now be fixed. There was a test in the normal receive function that was missing in the fillin version.

andywolk commented 1 year ago

@coppice-git shouldn't the file sit in src/ not in root?

coppice-git commented 1 year ago

Yeah. I just screwed up, while trying to sort out my access to the repo. It should be fixed now.

MathieuDuponchelle commented 1 year ago

Great, thanks! To be honest though I don't remember how I was testing this so can't confirm the fix works :)