From 0c7a319e6ba208bf91df298bdb8ba2843491a590 Mon Sep 17 00:00:00 2001
From: Karol Kosek
Date: Sun, 11 Jul 2021 14:47:09 +0200
Subject: [PATCH] LibAudio: Set variable type for decoding fixed subframes in FLAC

This fixes an crash caused by using the type from FlacSubframeHeader::order (unsigned 8-bit), which after overflowing the integer, converting it back to u32, and decrementing by one resulted in accessing an array waaay out of bounds.
---
 Userland/Libraries/LibAudio/FlacLoader.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Userland/Libraries/LibAudio/FlacLoader.cpp b/Userland/Libraries/LibAudio/FlacLoader.cpp
index bdc24906c5..647b181e2d 100644
--- a/Userland/Libraries/LibAudio/FlacLoader.cpp
+++ b/Userland/Libraries/LibAudio/FlacLoader.cpp
@@ -684,27 +684,27 @@ Vector FlacLoaderPlugin::decode_fixed_lpc(FlacSubframeHeader& subframe, Inp
 switch (subframe.order) {
 case 0:
 // s_0(t) = 0
- for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+ for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
 decoded[i] += 0;
 break;
 case 1:
 // s_1(t) = s(t-1)
- for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+ for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
 decoded[i] += decoded[i - 1];
 break;
 case 2:
 // s_2(t) = 2s(t-1) - s(t-2)
- for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+ for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
 decoded[i] += 2 * decoded[i - 1] - decoded[i - 2];
 break;
 case 3:
 // s_3(t) = 3s(t-1) - 3s(t-2) + s(t-3)
- for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+ for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
 decoded[i] += 3 * decoded[i - 1] - 3 * decoded[i - 2] + decoded[i - 3];
 break;
 case 4:
 // s_4(t) = 4s(t-1) - 6s(t-2) + 4s(t-3) - s(t-4)
- for (auto i = subframe.order; i < m_current_frame->sample_count; ++i)
+ for (u32 i = subframe.order; i < m_current_frame->sample_count; ++i)
 decoded[i] += 4 * decoded[i - 1] - 6 * decoded[i - 2] + 4 * decoded[i - 3] - decoded[i - 4];
 break;
 default:
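Review bot: The explicit `u32` on the five loop counters is what keeps `decoded[i - 1]` through `decoded[i - 4]` in bounds, but nothing in the new code says so, and a later cleanup back to `auto` would silently restore the `u8` counter that wraps before it can reach `m_current_frame->sample_count`. I would add one comment above the `switch`, e.g. `// i must be wider than subframe.order (u8): a u8 counter wraps at 255 and i - 1 then indexes far outside decoded.` Separately, the loop bound is `m_current_frame->sample_count` while every access goes into `decoded`, and the hunk does not show how `decoded` is sized. It is worth confirming outside this hunk that `decoded` always holds at least `sample_count` entries when the frame header comes from an untrusted file, and a regression test with a fixed subframe longer than 255 samples would pin the fix. The body of `decode_fixed_lpc` starts and ends outside the hunk.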