From 96004cd75111f742089b5f9554d20d18f9e83444 Mon Sep 17 00:00:00 2001
From: Fabrice Bellet
Date: Mon, 22 Jul 2019 08:00:00 +0000
Subject: [PATCH] siren: fix a global buffer overflow spotted by asan

This patch just enforces boudaries for the access to the standard_deviation array (64 floats). Such case can be seen with a corrupted stream, where there's no hope to obtain a valid decoded frame anyway.

https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/1002
---
 gst/siren/huffman.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gst/siren/huffman.c b/gst/siren/huffman.c
index 432656e3c4..f856e28b6f 100644
--- a/gst/siren/huffman.c
+++ b/gst/siren/huffman.c
@@ -153,6 +153,10 @@ decode_envelope (int number_of_regions, float *decoder_standard_deviation,
 absolute_region_power_index[i] = absolute_region_power_index[i - 1] - index - 12;
+ if (absolute_region_power_index[i] < -24)
+ absolute_region_power_index[i] = -24;
+ else if (absolute_region_power_index[i] > 39)
+ absolute_region_power_index[i] = 39;
 decoder_standard_deviation[i] = standard_deviation[absolute_region_power_index[i] + 24];
 }
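Review bot: The clamp limits -24 and 39 in the added lines are bare literals; their relation to the 64-entry `standard_deviation` table and the `+ 24` offset used in the lookup right after them is stated only in the commit message, so a later change to the table size or offset could silently reopen the out-of-bounds read. I would put the invariant next to the check, e.g. `/* standard_deviation[] has 64 entries and is indexed with +24: keep the power index within [-24, 39] */`, or name the two limits once and use them here. The clamp also lets a corrupted stream decode on with a substituted value; since the commit message says such a frame cannot be valid anyway, it may be worth reporting the condition to the caller if decode_envelope has an error path, which is not visible here because the function starts and ends outside the hunk. The loop reads `absolute_region_power_index[i - 1]`, so the first region's index is presumably set before the loop, outside this hunk; please confirm that any table lookup done with it is bounded as well.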