From bc5c69f8e7a5b4b8b9dcfc979d8bff09ffb78daa Mon Sep 17 00:00:00 2001
From: Alex Loiko
Date: Thu, 25 Jan 2018 14:27:04 +0100
Subject: [PATCH] Use of unititialized value in AECM.
The AecMobile struct contains a ::farendOld field. It's type is 'short [2][80]'. The field was initialized by memset(&aecm->farendOld[0][0], 0, 160); But sizeof(short) is not guaranteed to be 1. This causes use of unititialized memory on some platforms. According to MSAN, it can affect the output of the echo canceller. The issue was found by the MSAN fuzzer. This change initializes the array properly.
Bug: chromium:805396
Change-Id: Ibcaca2185cfa153e8fd826e9addfc04d7b65e417
Reviewed-on: https://webrtc-review.googlesource.com/43860
Reviewed-by: Sam Zackrisson
Commit-Queue: Alex Loiko
Cr-Commit-Position: refs/heads/master@{#21764}
---
 modules/audio_processing/aecm/echo_control_mobile.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/audio_processing/aecm/echo_control_mobile.cc b/modules/audio_processing/aecm/echo_control_mobile.cc
index 880f0aa65a..36e227166f 100644
--- a/modules/audio_processing/aecm/echo_control_mobile.cc
+++ b/modules/audio_processing/aecm/echo_control_mobile.cc
@@ -180,7 +180,7 @@ int32_t WebRtcAecm_Init(void *aecmInst, int32_t sampFreq)
 aecm->knownDelay = 0;
 aecm->lastDelayDiff = 0;
- memset(&aecm->farendOld[0][0], 0, 160);
+ memset(&aecm->farendOld, 0, sizeof(aecm->farendOld));
 // Default settings.
 aecConfig.cngMode = AecmTrue;
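Review bot: The new `memset(&aecm->farendOld, 0, sizeof(aecm->farendOld));` clears the whole array, but the commit adds no regression test (the diffstat shows a single file changed), so the partial initialisation that MSAN reported could return unnoticed. A small test that calls WebRtcAecm_Init and then processes one frame under MSan would pin the fix. WebRtcAecm_Init starts and ends outside this hunk, so the rest of it, and any other memset/memcpy on farendOld, should be checked for a literal element count passed where a byte count is expected; none is visible here, so this is a prompt to audit, not a finding. A one-line comment above the call, e.g. `// sizeof covers every element of the short[2][80] array; do not replace with a literal count.`, would record why the size is written this way.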