zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bump variable sizes in response to fuzzer bug

Browse Source 
The fuzzers detected a possible overflow in the multiplication of sum and gainQ10.
Since gainQ10 cannot be larger than 2048000 (see WebRtcIsac_kQGain2Levels) and sum cannot be larger than 2^16, a int64 is large enough to hold the result.

Bug: chromium:904909
Change-Id: Icb12821d4006aaaaf70a5735d2abd2b96f7a2f0e
Reviewed-on: https://webrtc-review.googlesource.com/c/111921
Reviewed-by: Ivo Creusen <ivoc@webrtc.org>
Commit-Queue: Jonas Olsson <jonasolsson@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25787}
This commit is contained in:
Jonas Olsson
2018-11-23 12:17:51 +01:00
committed by Commit Bot
parent b24c00f02d
commit 622eedaf0f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/audio_coding/codecs/isac/main/source/entropy_coding.c
View File

@ -96,7 +96,7 @@ static void FindInvArSpec(const int16_t* ARCoefQ12,
const int32_t gainQ10,
int32_t* CurveQ16) {
int32_t CorrQ11[AR_ORDER + 1];
int32_t sum, tmpGain;
int64_t sum, tmpGain;
int32_t diffQ16[FRAMESAMPLES / 8];
const int16_t* CS_ptrQ9;
int k, n;