From 622eedaf0fd3362b05085b7dfbd1b986bb072dce Mon Sep 17 00:00:00 2001
From: Jonas Olsson <jonasolsson@webrtc.org>
Date: Fri, 23 Nov 2018 12:17:51 +0100
Subject: [PATCH] Bump variable sizes in response to fuzzer bug

The fuzzers detected a possible overflow in the multiplication of sum and gainQ10.
Since gainQ10 cannot be larger than 2048000 (see WebRtcIsac_kQGain2Levels) and sum cannot be larger than 2^16, a int64 is large enough to hold the result.

Bug: chromium:904909
Change-Id: Icb12821d4006aaaaf70a5735d2abd2b96f7a2f0e
Reviewed-on: https://webrtc-review.googlesource.com/c/111921
Reviewed-by: Ivo Creusen <ivoc@webrtc.org>
Commit-Queue: Jonas Olsson <jonasolsson@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25787}
---
 modules/audio_coding/codecs/isac/main/source/entropy_coding.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/audio_coding/codecs/isac/main/source/entropy_coding.c b/modules/audio_coding/codecs/isac/main/source/entropy_coding.c
index 28767afc63..6692a519ca 100644
--- a/modules/audio_coding/codecs/isac/main/source/entropy_coding.c
+++ b/modules/audio_coding/codecs/isac/main/source/entropy_coding.c
@@ -96,7 +96,7 @@ static void FindInvArSpec(const int16_t* ARCoefQ12,
                           const int32_t gainQ10,
                           int32_t* CurveQ16) {
   int32_t CorrQ11[AR_ORDER + 1];
-  int32_t sum, tmpGain;
+  int64_t sum, tmpGain;
   int32_t diffQ16[FRAMESAMPLES / 8];
   const int16_t* CS_ptrQ9;
   int k, n;