From 6372aaa6087b0836becf7cf9da5a29f93047007d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Gro=C3=9F?= <s3b.gr0ss@gmail.com>
Date: Sun, 20 Feb 2022 14:05:05 +0100
Subject: [PATCH] audiovisualizer: shader: Fix dframe out of bound write

shader_fade_and_move_horiz_out writes a complete stride at the end of its
dframe data

This led to SIGSEGV since the stride reached into sframe->map[0]->memory
which could not be umpapped later on.

This is due to `d` is increased twice. Once at the end of the upper loop
and at the start of the lower loop.
The corresponding dframe stride is therefore skipped.

Rewind `d` and start at the correct position.

Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/issues/1702

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/1751>
---
 .../gst-libs/gst/pbutils/gstaudiovisualizer.c                 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/subprojects/gst-plugins-base/gst-libs/gst/pbutils/gstaudiovisualizer.c b/subprojects/gst-plugins-base/gst-libs/gst/pbutils/gstaudiovisualizer.c
index 6f0ecacbb2..b8cefd914c 100644
--- a/subprojects/gst-plugins-base/gst-libs/gst/pbutils/gstaudiovisualizer.c
+++ b/subprojects/gst-plugins-base/gst-libs/gst/pbutils/gstaudiovisualizer.c
@@ -336,6 +336,10 @@ shader_fade_and_move_horiz_out (GstAudioVisualizer * scope,
     }
     d += ds;
   }
+
+  /* rewind one stride */
+  d -= ds;
+
   /* move lower half down */
   for (j = 0; j < height / 2; j++) {
     d += ds;