Fix heap corruption bug in async_decoder

When using async_decoder with a CC decoder with k = 7 and no input byte packing, the frame size of the underlying FEC decoder is set incorrectly to a too large value. This causes out of bounds accesses which corrupt the heap.
author: Daniel Estévez <daniel@destevez.net> 2019-12-20 15:22:22 +0100
committer: Martin Braun <martin.braun@ettus.com> 2020-01-05 17:10:24 -0800
commit: ab2d4171666b8778ac53b54438e5f0d4262778de (patch)
tree: a76e216422cefa36a48110ff202d4a40057c06e1 /gr-fec/lib/async_decoder_impl.cc
parent: 7e961e4efd249e6509f2b3ec8cef592dfb1d0b87 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/gr-fec/lib/async_decoder_impl.cc b/gr-fec/lib/async_decoder_impl.cc
index 790cd58a4b..d417da3129 100644
--- a/gr-fec/lib/async_decoder_impl.cc
+++ b/gr-fec/lib/async_decoder_impl.cc
@@ -116,7 +116,7 @@ void async_decoder_impl::decode_unpacked(pmt::pmt_t msg)
     size_t nbits_in = pmt::length(bits);
     size_t nbits_out = 0;
     size_t nblocks = 1;
-    bool variable_frame_size = d_decoder->set_frame_size(nbits_in * d_decoder->rate());
+    bool variable_frame_size = d_decoder->set_frame_size(nbits_in * d_decoder->rate() - diff);
 
     // Check here if the frame size is larger than what we've
     // allocated for in the constructor.
author	Daniel Estévez <daniel@destevez.net>	2019-12-20 15:22:22 +0100
committer	Martin Braun <martin.braun@ettus.com>	2020-01-05 17:10:24 -0800
commit	ab2d4171666b8778ac53b54438e5f0d4262778de (patch)
tree	a76e216422cefa36a48110ff202d4a40057c06e1 /gr-fec/lib/async_decoder_impl.cc
parent	7e961e4efd249e6509f2b3ec8cef592dfb1d0b87 (diff)