Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(214)

Side by Side Diff: Source/WebCore/platform/audio/HRTFKernel.cpp

Issue 8231033: Merge 97214 - Heap buffer overflow in Webaudio FFTFrame::doFFT (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/874/
Patch Set: Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | Source/WebCore/platform/audio/HRTFPanner.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Google Inc. All rights reserved. 2 * Copyright (C) 2010 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
44 // Takes the input AudioChannel as an input impulse response and calculates the average group delay. 44 // Takes the input AudioChannel as an input impulse response and calculates the average group delay.
45 // This represents the initial delay before the most energetic part of the impul se response. 45 // This represents the initial delay before the most energetic part of the impul se response.
46 // The sample-frame delay is removed from the impulseP impulse response, and thi s value is returned. 46 // The sample-frame delay is removed from the impulseP impulse response, and thi s value is returned.
47 // the length of the passed in AudioChannel must be a power of 2. 47 // the length of the passed in AudioChannel must be a power of 2.
48 static double extractAverageGroupDelay(AudioChannel* channel, size_t analysisFFT Size) 48 static double extractAverageGroupDelay(AudioChannel* channel, size_t analysisFFT Size)
49 { 49 {
50 ASSERT(channel); 50 ASSERT(channel);
51 51
52 float* impulseP = channel->data(); 52 float* impulseP = channel->data();
53 53
54 ASSERT(channel->length() >= analysisFFTSize); 54 bool isSizeGood = channel->length() >= analysisFFTSize;
55 ASSERT(isSizeGood);
56 if (!isSizeGood)
57 return 0;
55 58
56 // Check for power-of-2. 59 // Check for power-of-2.
57 ASSERT(1UL << static_cast<unsigned>(log2(analysisFFTSize)) == analysisFFTSiz e); 60 ASSERT(1UL << static_cast<unsigned>(log2(analysisFFTSize)) == analysisFFTSiz e);
58 61
59 FFTFrame estimationFrame(analysisFFTSize); 62 FFTFrame estimationFrame(analysisFFTSize);
60 estimationFrame.doFFT(impulseP); 63 estimationFrame.doFFT(impulseP);
61 64
62 double frameDelay = estimationFrame.extractAverageGroupDelay(); 65 double frameDelay = estimationFrame.extractAverageGroupDelay();
63 estimationFrame.doInverseFFT(impulseP); 66 estimationFrame.doInverseFFT(impulseP);
64 67
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
133 136
134 double frameDelay = (1.0 - x) * kernel1->frameDelay() + x * kernel2->frameDe lay(); 137 double frameDelay = (1.0 - x) * kernel1->frameDelay() + x * kernel2->frameDe lay();
135 138
136 OwnPtr<FFTFrame> interpolatedFrame = FFTFrame::createInterpolatedFrame(*kern el1->fftFrame(), *kernel2->fftFrame(), x); 139 OwnPtr<FFTFrame> interpolatedFrame = FFTFrame::createInterpolatedFrame(*kern el1->fftFrame(), *kernel2->fftFrame(), x);
137 return HRTFKernel::create(interpolatedFrame.release(), frameDelay, sampleRat e1); 140 return HRTFKernel::create(interpolatedFrame.release(), frameDelay, sampleRat e1);
138 } 141 }
139 142
140 } // namespace WebCore 143 } // namespace WebCore
141 144
142 #endif // ENABLE(WEB_AUDIO) 145 #endif // ENABLE(WEB_AUDIO)
OLDNEW
« no previous file with comments | « no previous file | Source/WebCore/platform/audio/HRTFPanner.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698