From 9b4aa600e5cf1cf993c7a44471353aa977deccc7 Mon Sep 17 00:00:00 2001
From: Henrik Lundin
Date: Fri, 20 Apr 2018 09:07:45 +0200
Subject: [PATCH] Fix ptr overflow warning in filter_ar.c
In this code, the problem was that the ptr could sometimes point outside of the allocated arrays, in particular before the array, causing a pointer overflow warning. However, the memory pointed to was never read or written while the pointer was off. With this change, we keep an index instead of a pointer, which avoids warnings for pointer overflow. The index might be negative at times, but the index will not be used to address the arrays while negative.
Bug: webrtc:9166
Change-Id: I3a32d8e814660f43be9d4c94889d00ac3f8403a5
Reviewed-on: https://webrtc-review.googlesource.com/71165
Reviewed-by: Artem Titov
Commit-Queue: Henrik Lundin
Cr-Commit-Position: refs/heads/master@{#22951}
---
 common_audio/signal_processing/filter_ar.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/common_audio/signal_processing/filter_ar.c b/common_audio/signal_processing/filter_ar.c
index 49d5d61960..2471cd1117 100644
--- a/common_audio/signal_processing/filter_ar.c
+++ b/common_audio/signal_processing/filter_ar.c
@@ -17,6 +17,8 @@
 #include "common_audio/signal_processing/include/signal_processing_library.h"
+#include "rtc_base/checks.h"
+
 size_t WebRtcSpl_FilterAR(const int16_t* a,
 size_t a_length,
 const int16_t* x,
@@ -40,8 +42,10 @@ size_t WebRtcSpl_FilterAR(const int16_t* a,
 {
 // Calculate filtered[i] and filtered_low[i]
 const int16_t* a_ptr = &a[1];
- int16_t* filtered_ptr = &filtered[i - 1];
- int16_t* filtered_low_ptr = &filtered_low[i - 1];
+ // The index can become negative, but the arrays will never be indexed
+ // with it when negative. Nevertheless, the index cannot be a size_t
+ // because of this.
+ int filtered_ix = (int)i - 1;
 int16_t* state_ptr = &state[state_length - 1];
 int16_t* state_low_ptr = &state_low[state_length - 1];
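Review bot: The cast in `int filtered_ix = (int)i - 1;` narrows the loop counter, and nothing in this hunk bounds it. The declaration of `i` is outside the hunk, but the added comment implies it is a `size_t`; if so, an input longer than INT_MAX samples makes the conversion implementation-defined and the index stops matching `i - 1`. A signed type of pointer width keeps the negative-index design without the narrowing, for example `ptrdiff_t filtered_ix = (ptrdiff_t)i - 1;`. The body of the enclosing loop in WebRtcSpl_FilterAR continues outside this hunk.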
@@ -51,8 +55,10 @@ size_t WebRtcSpl_FilterAR(const int16_t* a,
 stop = (i < a_length) ? i + 1 : a_length;
 for (j = 1; j < stop; j++)
 {
- o -= *a_ptr * *filtered_ptr--;
- oLOW -= *a_ptr++ * *filtered_low_ptr--;
+ RTC_DCHECK_GE(filtered_ix, 0);
+ o -= *a_ptr * filtered[filtered_ix];
+ oLOW -= *a_ptr++ * filtered_low[filtered_ix];
+ --filtered_ix;
 }
 for (j = i + 1; j < a_length; j++)
 {
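Review bot: The only guard on the new array index is `RTC_DCHECK_GE(filtered_ix, 0);`, a debug-only check, so in builds where DCHECKs are off the reads of `filtered[filtered_ix]` and `filtered_low[filtered_ix]` rely on the loop bound alone. The bound visible in this hunk already gives `j <= i` inside the loop, because `stop` is at most `i + 1`. The index can therefore be an unsigned expression that cannot go negative: `o -= *a_ptr * filtered[i - j];` and `oLOW -= *a_ptr++ * filtered_low[i - j];`. That would make `filtered_ix`, its cast and the decrement unnecessary. The enclosing loop starts and ends outside the hunk, so this assumes `i` and `j` are not modified elsewhere in its body.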