"Fix" signed integer overflow in old code

It's safe to ignore this overflow since it only affects audio data,
not indices or anything like that.

Bug: chromium:835637
Change-Id: I60162e4627b08d5e3ba3a21fdae8087f098c7e46
Reviewed-on: https://webrtc-review.googlesource.com/72701
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Commit-Queue: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23030}

modules/audio_coding/codecs/ilbc/cb_construct.c

@@ -21,6 +21,15 @@
 #include "modules/audio_coding/codecs/ilbc/defines.h"
 #include "modules/audio_coding/codecs/ilbc/gain_dequant.h"
 #include "modules/audio_coding/codecs/ilbc/get_cd_vec.h"
+#include "rtc_base/sanitizer.h"
+
+// An arithmetic operation that is allowed to overflow. (It's still undefined
+// behavior, so not a good idea; this just makes UBSan ignore the violation, so
+// that our old code can continue to do what it's always been doing.)
+static inline int32_t RTC_NO_SANITIZE("signed-integer-overflow")
+    OverflowingAddS32S32ToS32(int32_t a, int32_t b) {
+  return a + b;
+}
 
 /*----------------------------------------------------------------*
  *  Construct decoded vector from codebook and gains.
@@ -62,7 +71,7 @@ bool WebRtcIlbcfix_CbConstruct(
   for (j=0;j<veclen;j++) {
     a32 = (*gainPtr++) * cbvec0[j];
     a32 += (*gainPtr++) * cbvec1[j];
-    a32 += (*gainPtr) * cbvec2[j];
+    a32 = OverflowingAddS32S32ToS32(a32, (*gainPtr) * cbvec2[j]);
     gainPtr -= 2;
     decvector[j] = (int16_t)((a32 + 8192) >> 14);
   }