From 510aae0f8e150496386fe8edcc35d33a2bddd107 Mon Sep 17 00:00:00 2001 From: Andrei Emeltchenko Date: Thu, 22 May 2014 16:07:02 +0300 Subject: [PATCH] android/hal-audio: Fix invalid memory access when downmixing to mono While iterating over input buffer frame's size was not correctly taken into account. Input buffer is always PCM 16bit stereo (4 bytes per frame). --- android/hal-audio.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/android/hal-audio.c b/android/hal-audio.c index df78497ef..49b829a02 100644 --- a/android/hal-audio.c +++ b/android/hal-audio.c @@ -527,9 +527,12 @@ static void downmix_to_mono(struct a2dp_stream_out *out, const uint8_t *buffer, { const int16_t *input = (const void *) buffer; int16_t *output = (void *) out->downmix_buf; - size_t i; + size_t i, frames; + + /* PCM 16bit stereo */ + frames = bytes / (2 * sizeof(int16_t)); - for (i = 0; i < bytes / 2; i++) { + for (i = 0; i < frames; i++) { int16_t l = le16_to_cpu(get_unaligned(&input[i * 2])); int16_t r = le16_to_cpu(get_unaligned(&input[i * 2 + 1])); -- 2.47.3