Open
Description
When decoding 48000 samples of DRED (1 second) needed_feature_frames happens to be 102.
int opus_decode_native(OpusDecoder *st, const unsigned char *data,
opus_int32 len, opus_val16 *pcm, int frame_size, int decode_fec,
int self_delimited, opus_int32 *packet_offset, int soft_clip, const OpusDRED *dred, opus_int32 dred_offset)
{
/* ......... */
/* if blend==0, the last PLC call was "update" and we need to feed two extra 10-ms frames. */
init_frames = (st->lpcnet.blend == 0) ? 2 : 0;
features_per_frame = IMAX(1, frame_size/F10);
needed_feature_frames = init_frames + features_per_frame;
lpcnet_plc_fec_clear(&st->lpcnet);
for (i=0;i<needed_feature_frames;i++) {
lpcnet_plc_fec_add is then called 102 times in a row. However, fec_read_pos is 0 in this case and when fec_fill_pos gets equal to PLC_MAX_FEC(100), it doesn't actually get decreased and thus subsequent OPUS_COPY overruns the buffer.
void lpcnet_plc_fec_add(LPCNetPLCState *st, const float *features) {
if (features == NULL) {
st->fec_skip++;
return;
}
if (st->fec_fill_pos == PLC_MAX_FEC) {
OPUS_MOVE(&st->fec[0][0], &st->fec[st->fec_read_pos][0], (st->fec_fill_pos-st->fec_read_pos)*NB_FEATURES);
st->fec_fill_pos = st->fec_fill_pos-st->fec_read_pos;
st->fec_read_pos -= st->fec_read_pos;
}
OPUS_COPY(&st->fec[st->fec_fill_pos][0], features, NB_FEATURES);
st->fec_fill_pos++;
}
What's the proper fix in this case?
Metadata
Metadata
Assignees
Labels
No labels