zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix UBSan errors (signed integer overflow)

Browse Source 
WebRtcSpl_CrossCorrelation and WebRtcSpl_DotProductWithScale compute
the int32 sum of pairwise products from two int16 arrays. So as to
avoid overflow (which could otherwise happen when as little as two
products were summed), the products are right-shifted by an amount
specified by the caller.

This CL changes WebRtcIlbcfix_MyCorr and WebRtcIlbcfix_Smooth to give
sufficient right-shift amounts, instead of ones that may be too small
and cause overflow.

BUG=chromium:601787

Review-Url: https://codereview.webrtc.org/2014033002
Cr-Commit-Position: refs/heads/master@{#13066}
This commit is contained in:
kwiberg
2016-06-08 05:24:40 -07:00
committed by Commit bot
parent 271d740788
commit a10740239d
2 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
webrtc/modules/audio_coding/codecs/ilbc/my_corr.c
View File

@ -29,25 +29,26 @@ void WebRtcIlbcfix_MyCorr(
const int16_t* seq2, /* (i) second sequence */
size_t dim2 /* (i) dimension seq2 */
){
int16_t max;
uint32_t max1, max2;
size_t loops;
int scale;
int right_shift;
/* Calculate correlation between the two sequences. Scale the
result of the multiplcication to maximum 26 bits in order
to avoid overflow */
max=WebRtcSpl_MaxAbsValueW16(seq1, dim1);
scale=WebRtcSpl_GetSizeInBits(max);
scale = 2 * scale - 26;
if (scale<0) {
scale=0;
// Calculate a right shift that will let us sum dim2 pairwise products of
// values from the two sequences without overflowing an int32_t. (The +1 in
// max1 and max2 are because WebRtcSpl_MaxAbsValueW16 will return 2**15 - 1
// if the input array contains -2**15.)
max1 = WebRtcSpl_MaxAbsValueW16(seq1, dim1) + 1;
max2 = WebRtcSpl_MaxAbsValueW16(seq2, dim2) + 1;
right_shift =
(64 - 31) - WebRtcSpl_CountLeadingZeros64((max1 * max2) * (uint64_t)dim2);
if (right_shift < 0) {
right_shift = 0;
}
loops=dim1-dim2+1;
/* Calculate the cross correlations */
WebRtcSpl_CrossCorrelation(corr, seq2, seq1, dim2, loops, scale, 1);
WebRtcSpl_CrossCorrelation(corr, seq2, seq1, dim2, loops, right_shift, 1);
return;
}

19
webrtc/modules/audio_coding/codecs/ilbc/smooth.c
View File

@ -31,7 +31,7 @@ void WebRtcIlbcfix_Smooth(
int16_t *surround /* (i) The approximation from the
surrounding sequences */
) {
int16_t maxtot, scale, scale1, scale2;
int16_t scale, scale1, scale2;
int16_t A, B, C, denomW16;
int32_t B_W32, denom, num;
int32_t errs;
@ -40,18 +40,21 @@ void WebRtcIlbcfix_Smooth(
int16_t w11prim;
int16_t bitsw00, bitsw10, bitsw11;
int32_t w11w00, w10w10, w00w00;
int16_t max1, max2;
uint32_t max1, max2, max12;
/* compute some inner products (ensure no overflow by first calculating proper scale factor) */
w00 = w10 = w11 = 0;
max1=WebRtcSpl_MaxAbsValueW16(current, ENH_BLOCKL);
max2=WebRtcSpl_MaxAbsValueW16(surround, ENH_BLOCKL);
maxtot=WEBRTC_SPL_MAX(max1, max2);
scale=WebRtcSpl_GetSizeInBits(maxtot);
scale = (int16_t)(2 * scale) - 26;
// Calculate a right shift that will let us sum ENH_BLOCKL pairwise products
// of values from the two sequences without overflowing an int32_t. (The +1
// in max1 and max2 are because WebRtcSpl_MaxAbsValueW16 will return 2**15 -
// 1 if the input array contains -2**15.)
max1 = WebRtcSpl_MaxAbsValueW16(current, ENH_BLOCKL) + 1;
max2 = WebRtcSpl_MaxAbsValueW16(surround, ENH_BLOCKL) + 1;
max12 = WEBRTC_SPL_MAX(max1, max2);
scale = (64 - 31) -
WebRtcSpl_CountLeadingZeros64((max12 * max12) * (uint64_t)ENH_BLOCKL);
scale=WEBRTC_SPL_MAX(0, scale);
w00=WebRtcSpl_DotProductWithScale(current,current,ENH_BLOCKL,scale);