From 7f82fc988ded707247f317019215e4abdd6fe19f Mon Sep 17 00:00:00 2001
From: kwiberg
Date: Mon, 22 Aug 2016 07:43:42 -0700
Subject: [PATCH] WebRtcIlbcfix_Smooth: Fix UBSan fuzzer bug (left shift of 1 by 31 overflows)
scale1 == 31 if and only if w10 == 0. So even though 1 << scale1 overflows, we know that the result of the multiplication should be 0. Handle that case.
BUG=chromium:615818
Review-Url: https://codereview.webrtc.org/2258543002
Cr-Commit-Position: refs/heads/master@{#13847}
---
 webrtc/modules/audio_coding/codecs/ilbc/smooth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webrtc/modules/audio_coding/codecs/ilbc/smooth.c b/webrtc/modules/audio_coding/codecs/ilbc/smooth.c
index 269331cce4..ed879327c0 100644
--- a/webrtc/modules/audio_coding/codecs/ilbc/smooth.c
+++ b/webrtc/modules/audio_coding/codecs/ilbc/smooth.c
@@ -168,7 +168,7 @@ void WebRtcIlbcfix_Smooth(
 /* B_W32 is in Q30 ( B = 1 - ENH_A0/2 - A * w10/w00 ) */
 scale1 = 31-bitsw10;
 scale2 = 21-scale1;
- w10prim = w10 * (1 << scale1);
+ w10prim = w10 == 0 ? 0 : w10 * (1 << scale1);
 w00prim = WEBRTC_SPL_SHIFT_W32(w00, -scale2);
 scale = bitsw00-scale2-15;
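Review bot: The guard on the new `w10prim` line tests `w10 == 0`, but the undefined behaviour it avoids is triggered by `scale1 == 31`, and the equivalence between the two is stated only in the commit message. `bitsw10` is computed outside this hunk, in a part of WebRtcIlbcfix_Smooth not shown here, so the invariant cannot be confirmed from these lines and a later change to that computation would silently bring the overflow back. A comment above the line would keep the reasoning with the code, for example `/* scale1 == 31 only when w10 == 0; 1 << 31 overflows int, so yield 0 directly. */`. In the same `w10 == 0` case `scale2` becomes -10, so the following `WEBRTC_SPL_SHIFT_W32(w00, -scale2)` moves `w00` left by 10 bits; whether that can overflow depends on the range of `w00`, which is also outside the hunk and worth checking against the same fuzzer input.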