Merge branch 'asan-ubsan-fixes'

swesterfeld · swesterfeld · commit e0aac6505e5d · 2025-08-04T17:03:08.000+02:00
* asan-ubsan-fixes:
  GLUI: MorphCurveWidget: avoid reading past end for last curve segment
  LIB: math utils: avoid zero-size arrays on stack to avoid UB
  LIB: LiveDecoder: avoid reading from uninitialized data member, avoid UB
  LIB: FormantCorrection: avoid zero-size arrays on stack to avoid UB

Signed-off-by: Stefan Westerfeld &lt;stefan@space.twc.de&gt;
diff --git a/glui/smmorphcurvewidget.cc b/glui/smmorphcurvewidget.cc
@@ -484,7 +484,12 @@ MorphCurveWidget::find_closest_segment_index (const Point& p)
     {
       Point curve_p = curve_point_to_xy (m_curve.points[i]);
       if (curve_p.x() < p.x())
-        index = i;
+        {
+          if (i + 1 < m_curve.points.size())
+            index = i;
+          else
+            index = -1; // no valid segment: p is not between two curve points
+        }
     }
   return index;
 }
diff --git a/lib/smformantcorrection.cc b/lib/smformantcorrection.cc
@@ -118,7 +118,7 @@ FormantCorrection::process_block (const AudioBlock& in_block, RTAudioBlock& out_
     assert (out_block.freqs.size() == mags_count);
     for (size_t i = 0; i < mags_count; i++)
       mags[i] *= norm;
-    uint16_t imags[mags_count];
+    uint16_t imags[mags_count + AVOID_ARRAY_UB];
     sm_factor2idbs (mags, mags_count, imags);
     out_block.mags.assign (imags, imags + mags_count);
   };
@@ -127,7 +127,7 @@ FormantCorrection::process_block (const AudioBlock& in_block, RTAudioBlock& out_
     {
       out_block.freqs.set_capacity (in_block.freqs.size());
       const float e_tune_factor = 1 / in_block.env_f0;
-      float mags[in_block.freqs.size()];
+      float mags[in_block.freqs.size() + AVOID_ARRAY_UB];
       size_t count = 0;
 
       for (size_t i = 0; i < in_block.freqs.size(); i++)
diff --git a/lib/smlivedecoder.hh b/lib/smlivedecoder.hh
@@ -30,7 +30,7 @@ class LiveDecoder
     float mag;
     uint  phase;
   };
-  std::vector<PartialState> pstate[2], *last_pstate;
+  std::vector<PartialState> pstate[2], *last_pstate = &pstate[0];
 
   WavSet             *smset;
   Audio              *audio;
diff --git a/lib/smmath.cc b/lib/smmath.cc
@@ -41,7 +41,7 @@ sm_idb2factor_slow (uint16_t idb)
 void
 sm_factor2idbs (float *factors, uint n_factors, uint16_t *out)
 {
-  float tmp[n_factors];
+  float tmp[n_factors + AVOID_ARRAY_UB];
   for (uint i = 0; i < n_factors; i++)
     tmp[i] = std::max (factors[i], 1e-25f);
 
@@ -66,7 +66,7 @@ sm_freq2ifreq (float freq)
 void
 sm_freq2ifreqs (float *freqs, uint n_freqs, uint16_t *out)
 {
-  float tmp[n_freqs];
+  float tmp[n_freqs + AVOID_ARRAY_UB];
   for (uint i = 0; i < n_freqs; i++)
     tmp[i] = fast_log2 (freqs[i]);   // compiler should auto vectorize this loop
 

Original file line number	Diff line number	Diff line change
`@@ -484,7 +484,12 @@ MorphCurveWidget::find_closest_segment_index (const Point& p)`
`484`	`484`	`{`
`485`	`485`	`Point curve_p = curve_point_to_xy (m_curve.points[i]);`
`486`	`486`	`if (curve_p.x() < p.x())`
`487`		`- index = i;`
	`487`	`+ {`
	`488`	`+ if (i + 1 < m_curve.points.size())`
	`489`	`+ index = i;`
	`490`	`+ else`
	`491`	`+ index = -1; // no valid segment: p is not between two curve points`
	`492`	`+ }`
`488`	`493`	`}`
`489`	`494`	`return index;`
`490`	`495`	`}`