admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make an energy computation not overflow in iLBC PLC

Browse Source 
The current implementation carefully shifts down the energy so as not to overflow.
The fuzzer audio_decoder_ilbc_fuzzer found an integer overflow anyway.
The energy is only used for a threshold check.

This fix stops the energy computation when the threshold is reached, before it can overflow.

Bug: chromium:837922
Change-Id: I45e84d2d271a37e6476b08433a2cbd5a8f6e6f26
Reviewed-on: https://webrtc-review.googlesource.com/76122
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Minyue Li <minyue@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23242}
This commit is contained in:
Sam Zackrisson 2018-05-15 13:41:45 +02:00 committed by Commit Bot
parent 59216ec4a4
commit ae93f0412a
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/audio_coding/codecs/ilbc/do_plc.c
View File

@ -40,6 +40,7 @@ void WebRtcIlbcfix_DoThePlc(
size_t i;
int32_t cross, ener, cross_comp, ener_comp = 0;
int32_t measure, maxMeasure, energy;
int32_t noise_energy_threshold_30dB;
int16_t max, crossSquareMax, crossSquare;
size_t j, lag, randlag;
int16_t tmp1, tmp2;
@ -231,8 +232,8 @@ void WebRtcIlbcfix_DoThePlc(
}
/* compute concealed residual */
noise_energy_threshold_30dB = (int32_t)iLBCdec_inst->blockl * 900;
energy = 0;
for (i=0; i<iLBCdec_inst->blockl; i++) {
/* noise component - 52 < randlagFIX < 117 */
@ -268,15 +269,14 @@ void WebRtcIlbcfix_DoThePlc(
((pitchfact * PLCresidual[i] + (32767 - pitchfact) * randvec[i] +
16384) >> 15)) >> 15);
/* Shifting down the result one step extra to ensure that no overflow
will occur */
energy += (PLCresidual[i] * PLCresidual[i]) >>
(iLBCdec_inst->prevScale + 1);
/* Compute energy until threshold for noise energy is reached */
if (energy < noise_energy_threshold_30dB) {
energy += PLCresidual[i] * PLCresidual[i];
}
}
/* less than 30 dB, use only noise */
if (energy < (WEBRTC_SPL_SHIFT_W32(((int32_t)iLBCdec_inst->blockl*900),-(iLBCdec_inst->prevScale+1)))) {
energy = 0;
if (energy < noise_energy_threshold_30dB) {
for (i=0; i<iLBCdec_inst->blockl; i++) {
PLCresidual[i] = randvec[i];
}