Added boundary check for array access as a short-term way of fixing the bug of out-of-bounds reads into the array
BUG=chromium:529527, chromium:529552
Review URL: https://codereview.webrtc.org/1338993003
Cr-Commit-Position: refs/heads/master@{#9930}
diff --git a/webrtc/modules/audio_processing/aec/aec_core.c b/webrtc/modules/audio_processing/aec/aec_core.c
index 0632015..b2162ac 100644
--- a/webrtc/modules/audio_processing/aec/aec_core.c
+++ b/webrtc/modules/audio_processing/aec/aec_core.c
@@ -820,8 +820,11 @@
// negative (anti-causal system) or larger than the AEC filter length.
{
int num_delays_out_of_bounds = self->num_delay_values;
+ const int histogram_length = sizeof(self->delay_histogram) /
+ sizeof(self->delay_histogram[0]);
for (i = lookahead; i < lookahead + self->num_partitions; ++i) {
- num_delays_out_of_bounds -= self->delay_histogram[i];
+ if (i < histogram_length)
+ num_delays_out_of_bounds -= self->delay_histogram[i];
}
self->fraction_poor_delays = (float)num_delays_out_of_bounds /
self->num_delay_values;