From 5854538e9a1b578a73b019f838fe48be0ae20097 Mon Sep 17 00:00:00 2001
From: Emily Mabrey
Date: Fri, 30 Jul 2021 00:48:23 -0400
Subject: [PATCH] Fix for unsage `alloca` usage (CWE-770)

Removed two looping usages of `alloca` that could lead to smashed stacks.

Signed-off-by: Emily Mabrey
---
 src/AudioIO.cpp | 11 +++++++----
 src/effects/RealtimeEffectManager.cpp | 19 +++++++++++++------
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/AudioIO.cpp b/src/AudioIO.cpp
index 512d382a6..1c7eb90f0 100644
--- a/src/AudioIO.cpp
+++ b/src/AudioIO.cpp
@@ -3844,12 +3844,13 @@ bool AudioIoCallback::FillOutputBuffers(
 // ------ MEMORY ALLOCATION ----------------------
 // These are small structures.
- WaveTrack **chans = (WaveTrack **) alloca(numPlaybackChannels * sizeof(WaveTrack *));
- float **tempBufs = (float **) alloca(numPlaybackChannels * sizeof(float *));
+ auto chans = new WaveTrack * [numPlaybackChannels];
+ auto tempBufs = new float* [numPlaybackChannels];
 // And these are larger structures....
- for (unsigned int c = 0; c < numPlaybackChannels; c++)
- tempBufs[c] = (float *) alloca(framesPerBuffer * sizeof(float));
+ for (unsigned int c = 0; c < numPlaybackChannels; c++) {
+ tempBufs[c] = new float[framesPerBuffer];
+ }
 // ------ End of MEMORY ALLOCATION ---------------
 auto & em = RealtimeEffectManager::Get();
@@ -4001,6 +4002,8 @@ bool AudioIoCallback::FillOutputBuffers(
 if (outputMeterFloats != outputFloats) ClampBuffer( outputMeterFloats, framesPerBuffer*numPlaybackChannels );
+ delete[] chans;
+ delete[] tempBufs;
 return false;
 }
diff --git a/src/effects/RealtimeEffectManager.cpp b/src/effects/RealtimeEffectManager.cpp
index ced5c851e..7127dad6e 100644
--- a/src/effects/RealtimeEffectManager.cpp
+++ b/src/effects/RealtimeEffectManager.cpp
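Review bot: In `AudioIoCallback::FillOutputBuffers` (src/AudioIO.cpp) the per-channel buffers from `tempBufs[c] = new float[framesPerBuffer];` are never released: the second hunk adds only `delete[] chans;` and `delete[] tempBufs;`, which frees the pointer array and leaks `numPlaybackChannels * framesPerBuffer` floats on every call. The same pattern appears with `obuf[i] = new float[numSamples];` in `RealtimeEffectManager::RealtimeProcess`. Owning the sample storage in one container, as sketched below, removes the leak and the manual deletes; the function body between the two hunks is not visible, so uses of `chans` and `tempBufs` there would need `.data()` where a raw pointer is expected. Note that `std::vector` zero-fills its storage, which `alloca` did not, and that this function appears to run once per audio buffer, so sizing the buffers once when the stream is opened may be preferable to allocating on every call.

```cpp
// ------ MEMORY ALLOCATION ----------------------
std::vector<WaveTrack *> chans(numPlaybackChannels);
// One contiguous block owns every channel's samples; tempBufs only points into it.
std::vector<float> tempStorage(
   static_cast<size_t>(numPlaybackChannels) * framesPerBuffer);
std::vector<float *> tempBufs(numPlaybackChannels);
for (unsigned int c = 0; c < numPlaybackChannels; c++) {
   tempBufs[c] = tempStorage.data() + static_cast<size_t>(c) * framesPerBuffer;
}
// ------ End of MEMORY ALLOCATION ---------------
// … unchanged: rest of FillOutputBuffers, passing chans.data() / tempBufs.data() where a raw pointer is expected …
// … the delete[] chans / delete[] tempBufs lines are dropped …
```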
@@ -323,15 +323,15 @@ size_t RealtimeEffectManager::RealtimeProcess(int group, unsigned chans, float *
 wxMilliClock_t start = wxGetUTCTimeMillis();
 // Allocate the in/out buffer arrays
- float **ibuf = (float **) alloca(chans * sizeof(float *));
- float **obuf = (float **) alloca(chans * sizeof(float *));
+ auto ibuf = new float* [chans];
+ auto obuf = new float* [chans];
 // And populate the input with the buffers we've been given while allocating
 // NEW output buffers
 for (unsigned int i = 0; i < chans; i++) {
 ibuf[i] = buffers[i];
- obuf[i] = (float *) alloca(numSamples * sizeof(float));
+ obuf[i] = new float[numSamples];
 }
 // Now call each effect in the chain while swapping buffer pointers to feed the
@@ -366,6 +366,9 @@ size_t RealtimeEffectManager::RealtimeProcess(int group, unsigned chans, float *
 }
 }
+ delete ibuf;
+ delete[] obuf;
+ // Remember the latency
 mRealtimeLatency = (int) (wxGetUTCTimeMillis() - start).GetValue();
@@ -516,9 +519,10 @@ size_t RealtimeEffectState::RealtimeProcess(int group,
 const auto numAudioIn = mEffect.GetAudioInCount();
 const auto numAudioOut = mEffect.GetAudioOutCount();
- float **clientIn = (float **) alloca(numAudioIn * sizeof(float *));
- float **clientOut = (float **) alloca(numAudioOut * sizeof(float *));
- float *dummybuf = (float *) alloca(numSamples * sizeof(float));
+ auto clientIn = new float* [numAudioIn];
+ auto clientOut = new float* [numAudioOut];
+ auto dummybuf = new float [numSamples];
+ decltype(numSamples) len = 0;
 auto ichans = chans;
 auto ochans = chans;
@@ -613,6 +617,9 @@ size_t RealtimeEffectState::RealtimeProcess(int group,
 // Bump to next processor
 processor++;
 }
+ delete[] clientIn;
+ delete[] clientOut;
+ delete[] dummybuf;
 return len;
 }
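Review bot: `delete ibuf;` uses scalar `delete` on an array allocated with `new float* [chans]`, which is undefined behaviour; it should read `delete[] ibuf;`. In the same hunk `delete[] obuf;` frees only the pointer array, so the `chans` buffers from `obuf[i] = new float[numSamples];` leak on each call to `RealtimeEffectManager::RealtimeProcess`. Freeing them through `obuf[i]` would not be safe either if, as the context comment about swapping buffer pointers suggests, entries of `ibuf` and `obuf` are exchanged in the loop between the hunks (not visible here), because `obuf[i]` may then hold a caller-owned buffer. Keeping the owning storage separate, for example `std::vector<float> scratch(static_cast<size_t>(chans) * numSamples);` with `obuf[i] = scratch.data() + static_cast<size_t>(i) * numSamples;`, avoids having to track which pointer owns what.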
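Review bot: The three `delete[]` lines in `RealtimeEffectState::RealtimeProcess` run only on the final `return len;` path, and the code between the allocation hunk and this one is outside the diff, so any early return or exception there would leak `clientIn`, `clientOut` and `dummybuf`. Declaring them as `std::vector<float *> clientIn(numAudioIn);`, `std::vector<float *> clientOut(numAudioOut);` and `std::vector<float> dummybuf(numSamples);` ties their lifetime to the scope and lets the deletes go; call sites that need a raw pointer would take `.data()`. A vector zero-fills its storage, which neither `alloca` nor `new float [numSamples]` did, so the cost is worth measuring if this runs per audio block.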