From 4a172a3d71c15940a0f7d77c235f14641337d697 Mon Sep 17 00:00:00 2001
From: reuk
Date: Thu, 7 Dec 2023 14:47:48 +0000
Subject: [PATCH] AUSDK: Fix out-of-bounds read when fetching parameter names
---
 modules/juce_audio_plugin_client/AU/AudioUnitSDK/AUBase.h | 2 +-
 .../AU/AudioUnitSDK/JUCE CHANGES.txt | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/juce_audio_plugin_client/AU/AudioUnitSDK/AUBase.h b/modules/juce_audio_plugin_client/AU/AudioUnitSDK/AUBase.h
index 02f0d3d827ec..165a1663bc3f 100644
--- a/modules/juce_audio_plugin_client/AU/AudioUnitSDK/AUBase.h
+++ b/modules/juce_audio_plugin_client/AU/AudioUnitSDK/AUBase.h
@@ -490,7 +490,7 @@ class AUBase : public ComponentBase {
 if (inShouldRelease) {
 ioInfo.flags |= kAudioUnitParameterFlag_CFNameRelease;
 }
- CFStringGetCString(inName, &ioInfo.name[0], offsetof(AudioUnitParameterInfo, clumpID),
+ CFStringGetCString(inName, std::data(ioInfo.name), std::size(ioInfo.name),
 kCFStringEncodingUTF8);
 }

diff --git a/modules/juce_audio_plugin_client/AU/AudioUnitSDK/JUCE CHANGES.txt b/modules/juce_audio_plugin_client/AU/AudioUnitSDK/JUCE CHANGES.txt
index df6e3ca7dc63..16f1a7723cec 100644
--- a/modules/juce_audio_plugin_client/AU/AudioUnitSDK/JUCE CHANGES.txt
+++ b/modules/juce_audio_plugin_client/AU/AudioUnitSDK/JUCE CHANGES.txt
@@ -1 +1,7 @@
 AUScopeElement.cpp - The method AUScope::RestoreElementNames was changed to only call AUElement::SetName if the name actually changed (instead of always). This is a workaround for a Ableton Live 11 bug which crashes on duplicating AUs with more than 16 output busses.
+
+AUBase.h - The line that reads
+ CFStringGetCString(inName, std::data(ioInfo.name), std::size(ioInfo.name), ...
+previously read
+ CFStringGetCString(inName, &ioInfo.name[0], offsetof(AudioUnitParameterInfo, clumpID), ...
+This change is necessary because AudioUnitParameterInfo includes another data member between the `name` and `clumpID` members.
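Review bot: The Boolean result of `CFStringGetCString` is still discarded on the changed line in AUBase.h, so a name that does not fit in `ioInfo.name` as UTF-8, or that fails to convert, leaves the legacy `name` field in whatever state the caller passed in. The call reports failure rather than truncating when the buffer is too small. Nothing visible in the hunk shows the array being cleared first, so a host that reads `name` as a C string may not find a terminator inside it. Consider handling the failure explicitly, e.g. `if (!CFStringGetCString(inName, std::data(ioInfo.name), std::size(ioInfo.name), kCFStringEncodingUTF8)) ioInfo.name[0] = '\0';`. `std::data` and `std::size` also need C++17 and `<iterator>`; the header's includes and the start of the enclosing function are outside the hunk, so confirm both there.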