• Status Closed
  • Percent Complete
  • Task Type Bugs
  • Category Codecs
  • Assigned To No-one
  • Operating System All players
  • Severity High
  • Priority Very Low
  • Reported Version Release 3.9
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Rockbox
Opened by thomasjfox - 2011-08-25
Last edited by Buschel - 2011-08-26

FS#12245 - Memory corruption in libfaad


libfaad currently has a memory corruption issue here:
[apps/codecs/libfaad/syntax.c:2206]: (error) Buffer access out-of-bounds: drc.exclude_mask

To save some RAM, the define MAX_CHANNELS was turned down
from 64 to 2. The code has some minimum assumptions about the size
of exclude_mask and additional_excluded_chns.

Dunno what the correct fix is, for now I would turn back MAX_CHANNELS to 64
to prevent a crash.


Closed by  Buschel
2011-08-26 12:38
Reason for closing:  Fixed
Additional comments about closing:

Fix submitted with r30356.

Do you experience this crash, or is this the result of a static code analysis? I am not sure whether the problematic code section in the DRC-handling is called, if the file has more than MAX_CHANNELS channels. If you have any file that results in such a crash, please provide it for further detailed analysis.

Edit: A simple workaround would be to allow the related arrays to have a size of 64 – like the attached patch does. We should not roll back the MAX_CHANNEL change as it allows us to move data arrays into IRAM and speed up the decoder a lot.

Result of static code analysis. Your fix looks sane, didn't come up with that yesterday (and wouldn't even today ;))
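
A minimal model of the workaround discussed in this task, added here as an illustration and not taken from libfaad or the attached patch: the DRC arrays get their own size constant instead of MAX_CHANNELS, and the reader refuses a stream that asks for more entries than the arrays hold. Only `exclude_mask`, `additional_excluded_chns` and `MAX_CHANNELS` come from the report; `drc_model`, `bitsrc`, `get1bit`, `read_excluded_channels`, `DRC_MASK_SLOTS` and the 7-bit group layout are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHANNELS   2   /* decoder channel limit, lowered to save RAM */
#define DRC_MASK_SLOTS 64  /* hypothetical name: DRC array size, decoupled from MAX_CHANNELS */
#define DRC_GROUP      7   /* assumption: mask bits are read in groups of 7 */

typedef struct {
    uint8_t exclude_mask[DRC_MASK_SLOTS];
    uint8_t additional_excluded_chns[DRC_MASK_SLOTS];
} drc_model;

/* Break the build if the arrays are ever shrunk below one mask group. */
_Static_assert(DRC_MASK_SLOTS >= DRC_GROUP, "exclude_mask too small");

typedef struct { const uint8_t *bits; size_t len, pos; } bitsrc;

/* Next bit of the constructed input; reads as 0 once it is exhausted. */
static uint8_t get1bit(bitsrc *s) { return s->pos < s->len ? s->bits[s->pos++] : 0; }

/* Reads 7 mask bits plus a continuation flag, repeating while the flag is 1.
 * Returns the number of groups read, or -1 (before touching the arrays for
 * that group) when the next group would not fit in `slots` entries. */
static int read_excluded_channels(bitsrc *s, uint8_t *mask, uint8_t *more, size_t slots)
{
    size_t base = 0, n = 0;
    for (;;) {
        if (base + DRC_GROUP > slots)
            return -1;
        for (size_t i = 0; i < DRC_GROUP; i++)
            mask[base + i] = get1bit(s);
        more[n] = get1bit(s);
        base += DRC_GROUP;
        if (!more[n++])
            return (int)n;
    }
}

int main(void)
{
    /* Constructed input: one group (channels 0 and 2 excluded), flag 0. */
    const uint8_t in[] = { 1,0,1,0,0,0,0, 0 };
    drc_model d = { {0}, {0} };
    bitsrc s = { in, sizeof in, 0 };
    printf("groups=%d\n", read_excluded_channels(&s, d.exclude_mask,
           d.additional_excluded_chns, DRC_MASK_SLOTS));
    return 0;
}
```

Passing `MAX_CHANNELS` as `slots` makes the function return -1 before the first write, which is the size mismatch the static analysis reported.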

