Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1307)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/platform/audio/ReverbConvolverStage.cpp

Issue 23689004: Don't read past the end of the impulseResponse array (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/platform/audio/ReverbConvolverStage.cpp
diff --git a/Source/core/platform/audio/ReverbConvolverStage.cpp b/Source/core/platform/audio/ReverbConvolverStage.cpp
index e4c9954910c0639082bcbff51715c5b983d38f51..51fe898315281507a1660bdde65e1f74b9259b19 100644
--- a/Source/core/platform/audio/ReverbConvolverStage.cpp
+++ b/Source/core/platform/audio/ReverbConvolverStage.cpp
@@ -58,8 +58,11 @@ ReverbConvolverStage::ReverbConvolverStage(const float* impulseResponse, size_t,
m_fftKernel->doPaddedFFT(impulseResponse + stageOffset, stageLength);
m_fftConvolver = adoptPtr(new FFTConvolver(fftSize));
} else {
+ ASSERT(!stageOffset);
+ ASSERT(stageLength <= fftSize / 2);
+
m_directKernel = adoptPtr(new AudioFloatArray(fftSize / 2));
- m_directKernel->copyToRange(impulseResponse + stageOffset, 0, fftSize / 2);
+ m_directKernel->copyToRange(impulseResponse, 0, stageLength);
m_directConvolver = adoptPtr(new DirectConvolver(renderSliceSize));
}
m_temporaryBuffer.allocate(renderSliceSize);
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698