Added boundary check for array access as a short-term way of fixing the bug of out-of-bounds reads into the array BUG=chromium:529527, chromium:529552 Review URL: https://codereview.webrtc.org/1338993003 Cr-Commit-Position: refs/heads/master@{#9930}

commit: fc9dd1710d1e9f52846931cabed97134393d0b82 [log] [tgz]
author: peah <peah@webrtc.org> Mon Sep 14 06:54:00 2015 -0700
committer: Commit bot <commit-bot@chromium.org> Mon Sep 14 13:54:03 2015 +0000
tree: 225597f156c18257268babad49ae22cbd554eece
parent: 5e023eb337eed9746ecea7fc6fbb0fca386f1961 [diff]
diff --git a/webrtc/modules/audio_processing/aec/aec_core.c b/webrtc/modules/audio_processing/aec/aec_core.c
index 0632015..b2162ac 100644
--- a/webrtc/modules/audio_processing/aec/aec_core.c
+++ b/webrtc/modules/audio_processing/aec/aec_core.c

@@ -820,8 +820,11 @@
   // negative (anti-causal system) or larger than the AEC filter length.
   {
     int num_delays_out_of_bounds = self->num_delay_values;
+    const int histogram_length = sizeof(self->delay_histogram) /
+      sizeof(self->delay_histogram[0]);
     for (i = lookahead; i < lookahead + self->num_partitions; ++i) {
-      num_delays_out_of_bounds -= self->delay_histogram[i];
+      if (i < histogram_length)
+        num_delays_out_of_bounds -= self->delay_histogram[i];
     }
     self->fraction_poor_delays = (float)num_delays_out_of_bounds /
         self->num_delay_values;
commit	fc9dd1710d1e9f52846931cabed97134393d0b82	[log] [tgz]
author	peah <peah@webrtc.org>	Mon Sep 14 06:54:00 2015 -0700
committer	Commit bot <commit-bot@chromium.org>	Mon Sep 14 13:54:03 2015 +0000
tree	225597f156c18257268babad49ae22cbd554eece
parent	5e023eb337eed9746ecea7fc6fbb0fca386f1961 [diff]