From 528a03441eac89d2f7b02c80d62d1a3624ad9997 Mon Sep 17 00:00:00 2001
From: Sam Zackrisson <saza@webrtc.org>
Date: Tue, 22 Oct 2019 11:36:17 +0200
Subject: [PATCH] Fix fuzzer-found inconsistency in AEC3 config json parsing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type mismatches will silently fail and skip reading a parameter
in the JSON parsing, except when parsing a size_t from a negative int.

This CL updates the parsing to silently ignore negative values provided
for size_t config parameters, instead of explicitly DCHECKing.

Tested: Ran the fuzzer on the crash test case with + without this fix.

Bug: chromium:1016139
Change-Id: I3899e81e1183aa54b708030efeb6e0006b8cd881
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/157894
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Per Åhgren <peah@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#29568}
---
 api/audio/echo_canceller3_config_json.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/api/audio/echo_canceller3_config_json.cc b/api/audio/echo_canceller3_config_json.cc
index 28aec9eea7..f7f115d86f 100644
--- a/api/audio/echo_canceller3_config_json.cc
+++ b/api/audio/echo_canceller3_config_json.cc
@@ -32,8 +32,7 @@ void ReadParam(const Json::Value& root, std::string param_name, bool* param) {
 void ReadParam(const Json::Value& root, std::string param_name, size_t* param) {
   RTC_DCHECK(param);
   int v;
-  if (rtc::GetIntFromJsonObject(root, param_name, &v)) {
-    RTC_DCHECK_GE(v, 0);
+  if (rtc::GetIntFromJsonObject(root, param_name, &v) && v >= 0) {
     *param = v;
   }
 }