zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix fuzzer-found flow-over in AGC1

Browse Source 
This CL changes a constant from an approximately correct limit
of 2^25.5.

The new limit is the largest x such that z = 10 satisfies:
((x >> z) + 1)^2 <= 2^31 - 1.
If gains[k + 1] > x, then z >= 11 and needs to be computed.

Bug: chromium:860638
Change-Id: If17f257dacd94806e59e4f32b345a5fb15b4e32b
Reviewed-on: https://webrtc-review.googlesource.com/87583
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23908}
This commit is contained in:
Sam Zackrisson
2018-07-09 16:06:28 +02:00
committed by Commit Bot
parent 5a61967bd0
commit 71729eb0a8
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/audio_processing/agc/legacy/digital_agc.c
View File

@ -467,9 +467,10 @@ int32_t WebRtcAgc_ProcessDigital(DigitalAgc* stt,
// Limit gain to avoid overload distortion
for (k = 0; k < 10; k++) {
// To prevent wrap around
// Find a shift of gains[k + 1] such that it can be squared without
// overflow, but at least by 10 bits.
zeros = 10;
if (gains[k + 1] > 47453132) {
if (gains[k + 1] > 47452159) {
zeros = 16 - WebRtcSpl_NormW32(gains[k + 1]);
}
gain32 = (gains[k + 1] >> zeros) + 1;