Bug? Out of bounds access in AudioFormatReader::read (AudioSampleBuffer...)


#1

Just been looking at possibly using AudioFormatReader in some of my code.  Whilst having a little inspection, something seems potentially fishy in AudioFormatReader::read (AudioSampleBuffer* ...) :

If numTargetChannels is more than 64, the code takes a branch which creates a HeapBlock of size numTargetChannels.  It then calls the function readChannels() which appears to write one beyond the end of the allocated HeapBlock:

chans[numTargetChannels] = nullptr;

.. admittedly >64 channels is probably a rare case.

 

I can't actually work out why AudioFormatReader::read(int* const* destSamples ...) needs to be given an array (destSamples) which is one larger than numDestChannels, unless maybe it used to require an end sentinel in a previous incarnation?


#2

Good call - thanks!

(Yes, the extra value is just there as a sentinel, mainly in case users write code that goes beyond the end. It's probably superfluous though)
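
The off-by-one discussed in this thread, as an added example that is not part of the original posts and is not JUCE code: a simplified model in which an array of channel pointers receives a nullptr sentinel at index numTargetChannels, using bounds-checked access so that an undersized allocation is reported instead of corrupting the heap. The names fillChannelPointers and sentinelFits, the std::vector storage and the 65-channel input are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for readChannels(): stores one pointer per channel,
// then writes a nullptr sentinel at index numChannels.
// vector::at() is used so an out-of-bounds index throws std::out_of_range.
static void fillChannelPointers (std::vector<int*>& chans,
                                 std::vector<std::vector<int>>& storage,
                                 std::size_t numChannels)
{
    for (std::size_t i = 0; i < numChannels; ++i)
        chans.at (i) = storage.at (i).data();

    chans.at (numChannels) = nullptr;   // the sentinel write quoted in the post
}

// Returns true if the sentinel write stayed inside the allocation.
// extraSlots = 0 models an array of exactly numTargetChannels entries,
// extraSlots = 1 models an array with one extra entry for the sentinel.
bool sentinelFits (std::size_t numTargetChannels, std::size_t extraSlots)
{
    // Constructed sample data: 8 zeroed samples per channel.
    std::vector<std::vector<int>> storage (numTargetChannels, std::vector<int> (8, 0));
    std::vector<int*> chans (numTargetChannels + extraSlots, nullptr);

    try
    {
        fillChannelPointers (chans, storage, numTargetChannels);
    }
    catch (const std::out_of_range&)
    {
        return false;   // index numTargetChannels was past the end of the array
    }

    return chans.back() == nullptr;   // last slot holds the sentinel
}

int main()
{
    // 65 channels: the "more than 64" case from the first post (constructed input).
    return (! sentinelFits (65, 0) && sentinelFits (65, 1)) ? 0 : 1;
}
```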