#12 kiss_fftr() trashes memory

closed
nobody
None
5
2012-09-14
2012-06-27
No

In kiss_fftr.c lines 98, 100 and 102 the variable ncfft (taken from st->substate->nfft) is used as an array index for an array with exactly ncfft entries. This causes trashed memory as the largest allowed index is ncfft-1 in this case.

Linking an application against libefence (Electric Fence) will easily point out this out-of-bounds access on the first usage of kiss_fftr().

Discussion

  • I forgot to add that I am using kiss_fft 1.29.

     
  • You need space for nfft/2+1 complex points in your output buffer, since both the DC bin and the Nyquist bin are returned.

    See the comments in README and in kiss_fftr.h
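The sizing rule from the reply above, as an added example that is not part of the original ticket or of kiss_fft: a naive real DFT stands in for kiss_fftr() so the block builds without the library, and a guard entry placed inside the same allocation shows that an nfft/2-entry output buffer gets its Nyquist bin written one slot too far. The names `cpx`, `rfft_out_bins`, `naive_rdft` and `rdft_guarded` are hypothetical, and `alt8` is constructed sample input.

```c
#include <stdlib.h>
#include <string.h>

typedef struct { float r, i; } cpx;   /* stand-in for kiss_fft_cpx */

/* Constructed sample input: alternating signal, all energy in the Nyquist bin. */
static const float alt8[8] = {1, -1, 1, -1, 1, -1, 1, -1};

/* Complex output bins for an nfft-point real transform: DC through Nyquist. */
static size_t rfft_out_bins(size_t nfft) { return nfft / 2 + 1; }

/* cos/sin by Taylor series for x in [0, 2*pi), so the block needs no libm. */
static void cos_sin(double x, double *c, double *s) {
    double tc = 1.0, ts = x;
    *c = 1.0; *s = x;
    for (int j = 1; j < 20; j++) {
        tc *= -x * x / ((2.0 * j - 1) * (2.0 * j));
        ts *= -x * x / ((2.0 * j) * (2.0 * j + 1));
        *c += tc; *s += ts;
    }
}

/* Naive real DFT (stand-in for kiss_fftr): writes out[0] .. out[nfft/2]. */
static void naive_rdft(const float *in, cpx *out, size_t nfft) {
    for (size_t k = 0; k <= nfft / 2; k++) {
        double re = 0.0, im = 0.0, c, s;
        for (size_t n = 0; n < nfft; n++) {
            cos_sin(6.283185307179586 * (double)((k * n) % nfft) / (double)nfft, &c, &s);
            re += in[n] * c;
            im -= in[n] * s;
        }
        out[k].r = (float)re; out[k].i = (float)im;
    }
}

/* Transform into `bins` entries followed by one guard entry inside the same
   allocation. Returns 1 if the guard is intact, 0 if overwritten, -1 on error. */
static int rdft_guarded(const float *in, size_t nfft, size_t bins) {
    cpx guard, *buf = malloc((bins + 1) * sizeof *buf);
    if (!buf || bins < nfft / 2) { free(buf); return -1; }
    memset(&guard, 0xA5, sizeof guard);
    memset(&buf[bins], 0xA5, sizeof *buf);       /* guard pattern after the output */
    naive_rdft(in, buf, nfft);                   /* writes nfft/2 + 1 bins */
    int intact = memcmp(&buf[bins], &guard, sizeof guard) == 0;
    free(buf);
    return intact;
}

int main(void) { return !(rdft_guarded(alt8, 8, rfft_out_bins(8)) == 1 && rdft_guarded(alt8, 8, 8 / 2) == 0); }
```

Because the guard lives inside the allocation, the undersized case is detected without any real out-of-bounds write.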

     