mackron / dr_libs

Audio decoding libraries for C/C++, each in a single source file.

dr_wav (dev): Coverity flagged an Untrusted array index read (CWE-129) in `drwav_read_pcm_frames_s16__ima` #220

Closed kcgen closed 2 years ago

kcgen commented 2 years ago

_"The array index could be controlled by an attacker, leading to reads outside the bounds of the array. In drwav_read_pcm_frames_s16__ima: read from array at index computed using an unscrutinized value from an untrusted source (CWE-129)"_

mackron commented 2 years ago

There's no bug here because those values are checked in the section right above it. Regardless, I've added a clamp which should clean this error up.

kcgen commented 2 years ago

Confirmed fixed; all clean! Thanks again @mackron 🚀

mackron commented 2 years ago

Thanks for confirming that. This fix has been released.