Fix out-of-bounds array read in File_Aac_Main #2117

cjee21 · 2024-09-30T10:44:02Z

As mentioned in #2105 (comment), this is one of the issues found with Visual Studio Code Analysis and also Cppcheck.

Visual Studio:

Cppcheck:

Id: arrayIndexOutOfBoundsCond
CWE: 788
Either the condition 'OutputChannels[i]>Aac_OutputChannelPosition_Size' is redundant or the array 'Aac_ChannelMode[43]' is accessed at index 43, which is out of bounds.

MediaInfoLib/Source/MediaInfo/Audio/File_Aac_Main.cpp

Lines 498 to 501 in 00d9658

    
           if (OutputChannels[i]>Aac_OutputChannelPosition_Size) 
        
               ChannelModes[Aac_ChannelMode_Max]++; 
        
           else 
        
               ChannelModes[Aac_ChannelMode[OutputChannels[i]]]++;

The issue is that Aac_OutputChannelPosition_Size is 43 and Aac_ChannelMode has 43 elements. Since an array starts with 0, the max we can access in Aac_ChannelMode is 42. So we change >Aac_OutputChannelPosition_Size to >=Aac_OutputChannelPosition_Size to prevent accessing Aac_ChannelMode[43].

JeromeMartinez · 2024-09-30T12:04:24Z

Ouch... Good catch.
We definitely to run (again) the static analysis... Thank you for handling that.

Fix out-of-bounds array read in File_Aac_Main

e95f8b6

JeromeMartinez merged commit e7fd9f0 into MediaArea:master Sep 30, 2024
9 checks passed

cjee21 deleted the AAC branch September 30, 2024 12:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix out-of-bounds array read in File_Aac_Main #2117

Fix out-of-bounds array read in File_Aac_Main #2117

cjee21 commented Sep 30, 2024

JeromeMartinez commented Sep 30, 2024

	if (OutputChannels[i]>Aac_OutputChannelPosition_Size)
	ChannelModes[Aac_ChannelMode_Max]++;
	else
	ChannelModes[Aac_ChannelMode[OutputChannels[i]]]++;

Fix out-of-bounds array read in File_Aac_Main #2117

Fix out-of-bounds array read in File_Aac_Main #2117

Conversation

cjee21 commented Sep 30, 2024

JeromeMartinez commented Sep 30, 2024