From d2970e593d9fef29373cf62c411a52d32518458d Mon Sep 17 00:00:00 2001 From: Christopher Snowhill Date: Fri, 14 Feb 2025 18:45:18 -0800 Subject: [PATCH] Crash Fix: Fix HRTF resampler delay misuse The delay value should be scaled by the resampling ratio, similar to how it already is when allocating the impulse buffer. This went undetected, as it scribbled over other memory without causing immediate crashes, but instead later heap corruption. Signed-off-by: Christopher Snowhill --- Audio/Chain/DSP/HeadphoneFilter.mm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Audio/Chain/DSP/HeadphoneFilter.mm b/Audio/Chain/DSP/HeadphoneFilter.mm index 8953f2ba1..31a37c1df 100644 --- a/Audio/Chain/DSP/HeadphoneFilter.mm +++ b/Audio/Chain/DSP/HeadphoneFilter.mm @@ -218,8 +218,10 @@ static impulseSetCache *_sharedController = nil; data->get_direction_data(elevation, azimuth, speaker.distance, hrtfLeft, hrtfRight); if(resampling) { - soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfLeft.impulse_response[0], sampleCountExact, NULL, &hrtfData[((hrtfLeft.delay + 2) >> 2) + actualSampleCount * i * 2], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); - soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfRight.impulse_response[0], sampleCountExact, NULL, &hrtfData[((hrtfRight.delay + 2) >> 2) + actualSampleCount * (i * 2 + 1)], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); + ssize_t leftDelay = (ssize_t)((double)(hrtfLeft.delay) * 0.25 * sampleRate / sampleRateOfSource); + ssize_t rightDelay = (ssize_t)((double)(hrtfRight.delay) * 0.25 * sampleRate / sampleRateOfSource); + soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfLeft.impulse_response[0], sampleCountExact, NULL, &hrtfData[leftDelay + actualSampleCount * i * 2], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); + soxr_oneshot(sampleRateOfSource, sampleRate, 1, &hrtfRight.impulse_response[0], sampleCountExact, NULL, &hrtfData[rightDelay + actualSampleCount * (i * 2 + 1)], sampleCountResampled, NULL, &io_spec, &q_spec, &runtime_spec); } else { cblas_scopy(sampleCountExact, &hrtfLeft.impulse_response[0], 1, &hrtfData[((hrtfLeft.delay + 2) >> 2) + actualSampleCount * i * 2], 1); cblas_scopy(sampleCountExact, &hrtfRight.impulse_response[0], 1, &hrtfData[((hrtfRight.delay + 2) >> 2) + actualSampleCount * (i * 2 + 1)], 1);