zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix fuzzer-found undefined behavior in webrtc_cng

Browse Source 
The computation (x-127) << 8 is undefined for x < 127.
This CL replaces the shift with a multiplication: (x-127) * (1 << 8)

Bug: chromium:793201
Change-Id: I38b40bd88300208a0bfbbd8fe144b0a5b51a48ed
Reviewed-on: https://webrtc-review.googlesource.com/31800
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21205}
This commit is contained in:
Sam Zackrisson
2017-12-11 11:44:25 +01:00
committed by Commit Bot
parent 655e1967ea
commit 32c6ae249f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/audio_coding/codecs/cng/webrtc_cng.cc
View File

@ -99,7 +99,7 @@ void ComfortNoiseDecoder::UpdateSid(rtc::ArrayView<const uint8_t> sid) {
}
} else {
for (size_t i = 0; i < (dec_order_); i++) {
refCs[i] = (sid[i + 1] - 127) << 8; /* Q7 to Q15. */
refCs[i] = (sid[i + 1] - 127) * (1 << 8); /* Q7 to Q15. */
dec_target_reflCoefs_[i] = refCs[i];
}
}