#1003638 mbeq: uninitialized field access corrupts output

Package:
swh-plugins
Source:
swh-plugins
Description:
Steve Harris's LADSPA plugins
Submitter:
Frank Heckenbach
Date:
2022-01-13 06:00:03 UTC
Severity:
important
Tags:
#1003638#5
Date:
2022-01-13 05:56:00 UTC
From:
To:
mbeq_1197.xml:

float coefs[FFT_LENGTH / 2];

[...]

coefs[0] = 0.0f;
for (bin=1; bin < (FFT_LENGTH/2-1); bin++) {
        coefs[bin] = ((1.0f-bin_delta[bin]) * gains[bin_base[bin]])
                      + (bin_delta[bin] * gains[bin_base[bin]+1]);
}

[...]

                for (i = 1; i < FFT_LENGTH/2; i++) {
                        comp[i] *= coefs[i];
                        comp[FFT_LENGTH-i] *= coefs[i];
                }

The first loop leaves coefs[FFT_LENGTH/2-1] uninitialized because it
only runs while bin < FFT_LENGTH/2-1.

The second loop reads from coefs[FFT_LENGTH/2-1], boom!

With some bad luck (which I had, of course, and of course only in
hard to reproduce circumstances) the uninitialized value will be NaN
which due to the FFT poisons the whole output with NaN.

Fix (note the "-1" is not needed at all. Maybe someone thought so
because of the "+1" in the line below, but that doesn't apply to bin
at all):
--- mbeq_1197.xml
+++ mbeq_1197.xml
@@ -140,7 +140,7 @@

 // Calculate coefficients for each bin of FFT
 coefs[0] = 0.0f;
-for (bin=1; bin < (FFT_LENGTH/2-1); bin++) {
+for (bin=1; bin < (FFT_LENGTH/2); bin++) {
 	coefs[bin] = ((1.0f-bin_delta[bin]) * gains[bin_base[bin]])
 		      + (bin_delta[bin] * gains[bin_base[bin]+1]);
 }