Skip to content

Commit

Permalink
Fix possible out of bounds read of SF2 instruments
Browse files Browse the repository at this point in the history 
Checks possible out of bounds scope for sample interpolation
  • Loading branch information
@tmyqlfpir
tmyqlfpir committed Feb 13, 2024
1 parent c53a363 commit 6d02534
Showing 1 changed file with 14 additions and 14 deletions.
28 changes: 14 additions & 14 deletions source/audiolib/src/tsf.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1107,9 +1107,9 @@ static float tsf_voice_interpolate(float* input, unsigned int *pos, float alpha,
switch (interpolatemode)
{
case TSF_INTERP_NEAREST:
return input[pos[0]];
return input[pos[1]];
case TSF_INTERP_LINEAR:
return (input[pos[0]] * (1.f - alpha) + input[pos[1]] * alpha);
return (input[pos[1]] * (1.f - alpha) + input[pos[2]] * alpha);
case TSF_INTERP_CUBIC:
{
const float pointa = input[pos[0]], pointb = input[pos[1]], pointc = input[pos[2]], pointd = input[pos[3]];
Expand Down Expand Up @@ -1199,13 +1199,13 @@ static void tsf_voice_render(tsf* f, struct tsf_voice* v, float* outputBuffer, i
while (blockSamples-- && tmpSourceSamplePosition < tmpSampleEndDbl)
{
// Get samples.
pos[0] = (unsigned int)tmpSourceSamplePosition;
pos[1] = (unsigned int)tmpSourceSamplePosition;
if (f->interpolatemode != TSF_INTERP_NEAREST)
{
alpha = (float)(tmpSourceSamplePosition - pos[0]);
pos[1] = (pos[0] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[0] + 1);
alpha = (float)(tmpSourceSamplePosition - pos[1]);
pos[2] = isLooping ? (pos[1] >= tmpLoopEnd ? tmpLoopStart : pos[1] + 1) : (pos[1] + 1 == region->end ? pos[1] : pos[1] + 1);
if (f->interpolatemode == TSF_INTERP_CUBIC)
pos[2] = (pos[1] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[1] + 1), pos[3] = (pos[2] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[2] + 1);
pos[0] = (pos[1] == tmpLoopStart && isLooping ? tmpLoopEnd : pos[1] == 0 ? 0 : pos[1] - 1), pos[3] = isLooping ? (pos[2] >= tmpLoopEnd ? tmpLoopStart : pos[2] + 1) : (pos[2] + 1 < region->end ? pos[2] + 1 : pos[2]);
}

// Interpolation.
Expand All @@ -1228,13 +1228,13 @@ static void tsf_voice_render(tsf* f, struct tsf_voice* v, float* outputBuffer, i
while (blockSamples-- && tmpSourceSamplePosition < tmpSampleEndDbl)
{
// Get samples.
pos[0] = (unsigned int)tmpSourceSamplePosition;
pos[1] = (unsigned int)tmpSourceSamplePosition;
if (f->interpolatemode != TSF_INTERP_NEAREST)
{
alpha = (float)(tmpSourceSamplePosition - pos[0]);
pos[1] = (pos[0] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[0] + 1);
alpha = (float)(tmpSourceSamplePosition - pos[1]);
pos[2] = isLooping ? (pos[1] >= tmpLoopEnd ? tmpLoopStart : pos[1] + 1) : (pos[1] + 1 == region->end ? pos[1] : pos[1] + 1);
if (f->interpolatemode == TSF_INTERP_CUBIC)
pos[2] = (pos[1] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[1] + 1), pos[3] = (pos[2] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[2] + 1);
pos[0] = (pos[1] == tmpLoopStart && isLooping ? tmpLoopEnd : pos[1] == 0 ? 0 : pos[1] - 1), pos[3] = isLooping ? (pos[2] >= tmpLoopEnd ? tmpLoopStart : pos[2] + 1) : (pos[2] + 1 < region->end ? pos[2] + 1 : pos[2]);
}

// Interpolation.
Expand All @@ -1256,13 +1256,13 @@ static void tsf_voice_render(tsf* f, struct tsf_voice* v, float* outputBuffer, i
while (blockSamples-- && tmpSourceSamplePosition < tmpSampleEndDbl)
{
// Get samples.
pos[0] = (unsigned int)tmpSourceSamplePosition;
pos[1] = (unsigned int)tmpSourceSamplePosition;
if (f->interpolatemode != TSF_INTERP_NEAREST)
{
alpha = (float)(tmpSourceSamplePosition - pos[0]);
pos[1] = (pos[0] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[0] + 1);
alpha = (float)(tmpSourceSamplePosition - pos[1]);
pos[2] = isLooping ? (pos[1] >= tmpLoopEnd ? tmpLoopStart : pos[1] + 1) : (pos[1] + 1 == region->end ? pos[1] : pos[1] + 1);
if (f->interpolatemode == TSF_INTERP_CUBIC)
pos[2] = (pos[1] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[1] + 1), pos[3] = (pos[2] >= tmpLoopEnd && isLooping ? tmpLoopStart : pos[2] + 1);
pos[0] = (pos[1] == tmpLoopStart && isLooping ? tmpLoopEnd : pos[1] == 0 ? 0 : pos[1] - 1), pos[3] = isLooping ? (pos[2] >= tmpLoopEnd ? tmpLoopStart : pos[2] + 1) : (pos[2] + 1 < region->end ? pos[2] + 1 : pos[2]);
}

// Interpolation.
Expand Down

0 comments on commit 6d02534

Please sign in to comment.