From ffdb6262c2cc117997c215db8f17ba5c7d577546 Mon Sep 17 00:00:00 2001
From: Christopher Snowhill <kode54@gmail.com>
Date: Fri, 10 Jun 2022 02:44:02 -0700
Subject: [PATCH] [MAD Decoder] Fix sample count calculation crash

This condition would underflow when skipping a bunch of samples on the
start of playback, or otherwise seeking, and could cause an unsigned
underflow, which would cause the subsequent vDSP_vflt32 to overread into
the MAD sample buffer and crash.

Signed-off-by: Christopher Snowhill <kode54@gmail.com>
---
 Plugins/MAD/MADDecoder.m | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Plugins/MAD/MADDecoder.m b/Plugins/MAD/MADDecoder.m
index 5fd1fced6..f801fee3d 100644
--- a/Plugins/MAD/MADDecoder.m
+++ b/Plugins/MAD/MADDecoder.m
@@ -436,8 +436,12 @@
 			return;
 		}
 
+		// Clip this for the following calculation, so this doesn't underflow
+		// when seeking and skipping a lot of samples
+		unsigned long startingSampleClipped = MIN(startingSample, sampleCount);
+
 		// We are at the end of the file and need to read the last few frames
-		if(_framesDecoded + (sampleCount - startingSample) > totalFrames - _endPadding) {
+		if(_framesDecoded + (sampleCount - startingSampleClipped) > totalFrames - _endPadding) {
 			// DLog(@"End of file. %li",  totalFrames - _endPadding - _framesDecoded);
 			sampleCount = totalFrames - _endPadding - _framesDecoded + startingSample;
 		}