The buffer size calculation loop (line ~6661) uses `n_samples - 1` as
the upper bound for segment_end_samples, but the copy loop (line 6696)
uses `n_samples`. This inconsistency allows the copy loop to compute
segment_length values up to 1 sample larger per segment than what was
allocated, causing heap corruption.
Symptom: `malloc(): corrupted top size` or `malloc(): invalid size
(unsorted)` crashes after VAD completes sample reduction.
Fix: Use consistent bounds (`n_samples - 1`) in both loops.
Fixes #3403
}
segment_start_samples = std::min(segment_start_samples, n_samples - 1);
- segment_end_samples = std::min(segment_end_samples, n_samples);
+ segment_end_samples = std::min(segment_end_samples, n_samples - 1);
int segment_length = segment_end_samples - segment_start_samples;
if (segment_length > 0) {
whisper_state::vad_segment_info segment;
overview / pkg / ggml / sources / whisper.cpp / commitdiff