LibAudio: Set variable type for decoding fixed subframes in FLAC

This fixes an crash caused by using the type from FlacSubframeHeader::order (unsigned 8-bit), which after overflowing the integer, converting it back to u32, and decrementing by one resulted in accessing an array waaay out of bounds.
author: Karol Kosek <krkk@krkk.ct8.pl> 2021-07-11 14:47:09 +0200
committer: Gunnar Beutner <gunnar@beutner.name> 2021-07-12 23:32:50 +0200
commit: 0c7a319e6ba208bf91df298bdb8ba2843491a590 (patch)
tree: adfc3f6c5aee6a68b105464f03397bc11895cb42 /Userland/Libraries/LibAudio
parent: 93340685ed54d38a7aca8001b4bcf43580291e91 (diff)
download: serenity-0c7a319e6ba208bf91df298bdb8ba2843491a590.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/Userland/Libraries/LibAudio/FlacLoader.cpp b/Userland/Libraries/LibAudio/FlacLoader.cpp
index bdc24906c5..647b181e2d 100644
--- a/Userland/Libraries/LibAudio/FlacLoader.cpp
+++ b/Userland/Libraries/LibAudio/FlacLoader.cpp
@@ -684,27 +684,27 @@ Vector<i32> FlacLoaderPlugin::decode_fixed_lpc(FlacSubframeHeader& subframe, Inp
     switch (subframe.order) {
     case 0:
         // s_0(t) = 0
-        for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+        for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
             decoded[i] += 0;
         break;
     case 1:
         // s_1(t) = s(t-1)
-        for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+        for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
             decoded[i] += decoded[i - 1];
         break;
     case 2:
         // s_2(t) = 2s(t-1) - s(t-2)
-        for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+        for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
             decoded[i] += 2 * decoded[i - 1] - decoded[i - 2];
         break;
     case 3:
         // s_3(t) = 3s(t-1) - 3s(t-2) + s(t-3)
-        for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+        for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
             decoded[i] += 3 * decoded[i - 1] - 3 * decoded[i - 2] + decoded[i - 3];
         break;
     case 4:
         // s_4(t) = 4s(t-1) - 6s(t-2) + 4s(t-3) - s(t-4)
-        for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+        for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
             decoded[i] += 4 * decoded[i - 1] - 6 * decoded[i - 2] + 4 * decoded[i - 3] - decoded[i - 4];
         break;
     default:
author	Karol Kosek <krkk@krkk.ct8.pl>	2021-07-11 14:47:09 +0200
committer	Gunnar Beutner <gunnar@beutner.name>	2021-07-12 23:32:50 +0200
commit	0c7a319e6ba208bf91df298bdb8ba2843491a590 (patch)
tree	adfc3f6c5aee6a68b105464f03397bc11895cb42 /Userland/Libraries/LibAudio
parent	93340685ed54d38a7aca8001b4bcf43580291e91 (diff)
download	serenity-0c7a319e6ba208bf91df298bdb8ba2843491a590.zip