libobs: bound volmeter plane index against MAX_AV_PLANES#737
Open
summeroff wants to merge 1 commit into
Open
Conversation
volmeter_process_peak() and volmeter_process_magnitude() walk data->data[] with plane_nr advanced solely by the loop's `channel_nr < nr_channels` condition, so plane_nr itself is never checked against MAX_AV_PLANES. This is safe today only because nr_channels comes from get_nr_channels_from_audio_data(), which counts the non-NULL planes in the same array - guaranteeing the loop finds enough planes before plane_nr leaves bounds, regardless of plane layout. If nr_channels were ever sourced from a declared channel/speaker layout instead of from counting planes, the loop would index past data->data[MAX_AV_PLANES - 1] (an out-of-bounds read), and since MAX_AUDIO_CHANNELS == MAX_AV_PLANES the existing CLAMP would not catch it. Add an explicit `plane_nr < MAX_AV_PLANES` guard to both loops. Behavior is unchanged under the current invariant; this only hardens against a future change to how nr_channels is derived. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds an explicit
plane_nr < MAX_AV_PLANESbound to the two plane-scan loops inlibobs/obs-audio-controls.c(volmeter_process_peakandvolmeter_process_magnitude).Why
Both loops index
data->data[plane_nr]whileplane_nris advanced solely by thechannel_nr < nr_channelscondition —plane_nritself is never checked againstMAX_AV_PLANES.It is safe today only because
nr_channelsis produced byget_nr_channels_from_audio_data(), which counts the non-NULL planes in the samedata->data[]array. That guarantees the loop encounters enough planes beforeplane_nrleaves bounds, for any plane layout (contiguous, interleaved, or trailing-NULL).The footgun: the safety lives in a different function than the unguarded access. If
nr_channelswere ever derived from a source's declared channel/speaker layout instead of from counting planes, the loop would read pastdata->data[MAX_AV_PLANES - 1]. BecauseMAX_AUDIO_CHANNELS == MAX_AV_PLANES == 8, the existingCLAMPinget_nr_channels_from_audio_data()would not catch that case either.This is a behavior-preserving hardening change — under the current invariant the new guard is never the condition that ends the loop.
Testing
libobstarget locally (VS 2022 / RelWithDebInfo) — compiles clean, no new warnings.Note on the clang-format CI check
The
clang-formatcheck is expected to come back red, and it is not caused by this change. CI runs clang-format (v19) over the entire changed file, andobs-audio-controls.ccarries one pre-existing deviation unrelated to this PR (theobs_fader_add_callbacksignature, last formatted under the old 80-col config). That line was deliberately left untouched to keep this diff minimal and focused on the actual fix. Happy to fold in the one-line format normalization if preferred.🤖 Generated with Claude Code