From ab62de0fa2c8f2cb19898d04a3f64036e60be42a Mon Sep 17 00:00:00 2001 From: Christopher Snowhill Date: Fri, 14 Feb 2025 18:45:18 -0800 Subject: [PATCH] Crash Fix: Fix HRTF resampler delay misuse The delay value should be scaled by the resampling ratio, similar to how it already is when allocating the impulse buffer. This went undetected, as it scribbled over other memory without causing immediate crashes, but instead later heap corruption. Signed-off-by: Christopher Snowhill --- Audio/Chain/DSP/HeadphoneFilter.mm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Audio/Chain/DSP/HeadphoneFilter.mm b/Audio/Chain/DSP/HeadphoneFilter.mm index 8953f2ba1..31a37c1df 100644 --- a/Audio/Chain/DSP/HeadphoneFilter.mm +++ b/Audio/Chain/DSP/HeadphoneFilter.mm @@ -218,8 +218,10 @@ static impulseSetCache *_sharedController = nil; data->get_direction_data(elevation, azimuth, speaker.distance, hrtfLeft, hrtfRight); if(resampling) { - soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfLeft.impulse_response[0], sampleCountExact, NULL, &hrtfData[((hrtfLeft.delay + 2) >> 2) + actualSampleCount * i * 2], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); - soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfRight.impulse_response[0], sampleCountExact, NULL, &hrtfData[((hrtfRight.delay + 2) >> 2) + actualSampleCount * (i * 2 + 1)], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); + ssize_t leftDelay = (ssize_t)((double)(hrtfLeft.delay) * 0.25 * sampleRate / sampleRateOfSource); + ssize_t rightDelay = (ssize_t)((double)(hrtfRight.delay) * 0.25 * sampleRate / sampleRateOfSource); + soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfLeft.impulse_response[0], sampleCountExact, NULL, &hrtfData[leftDelay + actualSampleCount * i * 2], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); + soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfRight.impulse_response[0], sampleCountExact, NULL, &hrtfData[rightDelay + actualSampleCount * (i * 2 + 1)], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); } else { cblas_scopy(sampleCountExact, &hrtfLeft.impulse_response[0], 1, &hrtfData[((hrtfLeft.delay + 2) >> 2) + actualSampleCount * i * 2], 1); cblas_scopy(sampleCountExact, &hrtfRight.impulse_response[0], 1, &hrtfData[((hrtfRight.delay + 2) >> 2) + actualSampleCount * (i * 2 + 1)], 1);