From b5ea607dcc128a40a7f9f5812c5e22b545285041 Mon Sep 17 00:00:00 2001
From: reuk <reuk@users.noreply.github.com>
Date: Wed, 30 Jul 2025 15:57:01 +0100
Subject: [PATCH] AU Host: Avoid potential UB reads of MIDI data

---
 .../format_types/juce_AudioUnitPluginFormat.mm      | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/modules/juce_audio_processors/format_types/juce_AudioUnitPluginFormat.mm b/modules/juce_audio_processors/format_types/juce_AudioUnitPluginFormat.mm
index 546b61cee7..81820516c8 100644
--- a/modules/juce_audio_processors/format_types/juce_AudioUnitPluginFormat.mm
+++ b/modules/juce_audio_processors/format_types/juce_AudioUnitPluginFormat.mm
@@ -1417,11 +1417,22 @@ public:
                 for (const auto metadata : midiMessages)
                 {
                     if (metadata.numBytes <= 3)
+                    {
+                        const auto getByteOrZero = [&metadata] (int index)
+                        {
+                            return index < metadata.numBytes ? metadata.data[index] : (uint8) 0;
+                        };
+
                         MusicDeviceMIDIEvent (audioUnit,
-                                              metadata.data[0], metadata.data[1], metadata.data[2],
+                                              getByteOrZero (0),
+                                              getByteOrZero (1),
+                                              getByteOrZero (2),
                                               (UInt32) metadata.samplePosition);
+                    }
                     else
+                    {
                         MusicDeviceSysEx (audioUnit, metadata.data, (UInt32) metadata.numBytes);
+                    }
                 }
 
                 midiMessages.clear();