From f65a003f7f2b442023a3431e6170a744202579c3 Mon Sep 17 00:00:00 2001 From: Ivo Creusen Date: Thu, 3 Dec 2020 10:06:25 +0100 Subject: [PATCH] Fix for 3 NetEq fuzzer issues. I was not able to reproduce chromium:1146676 locally, so the change in merge.cc is a speculative fix. Bug: chromium:1146835, chromium:1146676, chromium:1137226 Change-Id: I14472ba5b41e58b2d5f27d9833249c14505af18f Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/194264 Commit-Queue: Ivo Creusen Reviewed-by: Henrik Lundin Cr-Commit-Position: refs/heads/master@{#32759} --- modules/audio_coding/neteq/cross_correlation.cc | 16 +++------------- modules/audio_coding/neteq/delay_manager.cc | 3 ++- modules/audio_coding/neteq/merge.cc | 3 +++ 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/modules/audio_coding/neteq/cross_correlation.cc b/modules/audio_coding/neteq/cross_correlation.cc index 2a03d4af26..895fea32d1 100644 --- a/modules/audio_coding/neteq/cross_correlation.cc +++ b/modules/audio_coding/neteq/cross_correlation.cc @@ -38,19 +38,9 @@ int CrossCorrelationWithAutoShift(const int16_t* sequence_1, // In order to avoid overflow when computing the sum we should scale the // samples so that (in_vector_length * max_1 * max_2) will not overflow. - // Expected scaling fulfills - // 1) sufficient: - // sequence_1_length * (max_1 * max_2 >> scaling) <= 0x7fffffff; - // 2) necessary: - // if (scaling > 0) - // sequence_1_length * (max_1 * max_2 >> (scaling - 1)) > 0x7fffffff; - // The following calculation fulfills 1) and almost fulfills 2). - // There are some corner cases that 2) is not satisfied, e.g., - // max_1 = 17, max_2 = 30848, sequence_1_length = 4095, in such case, - // optimal scaling is 0, while the following calculation results in 1. - const int32_t factor = - (max_1 * max_2) / (std::numeric_limits::max() / - static_cast(sequence_1_length)); + const int64_t max_value = + max_1 * max_2 * static_cast(sequence_1_length); + const int32_t factor = max_value >> 31; const int scaling = factor == 0 ? 0 : 31 - WebRtcSpl_NormW32(factor); WebRtcSpl_CrossCorrelation(cross_correlation, sequence_1, sequence_2, diff --git a/modules/audio_coding/neteq/delay_manager.cc b/modules/audio_coding/neteq/delay_manager.cc index 33eeb96f19..aec80cfa4b 100644 --- a/modules/audio_coding/neteq/delay_manager.cc +++ b/modules/audio_coding/neteq/delay_manager.cc @@ -158,7 +158,8 @@ absl::optional DelayManager::Update(uint32_t timestamp, } const int expected_iat_ms = - 1000 * static_cast(timestamp - last_timestamp_) / sample_rate_hz; + 1000ll * static_cast(timestamp - last_timestamp_) / + sample_rate_hz; const int iat_ms = packet_iat_stopwatch_->ElapsedMs(); const int iat_delay_ms = iat_ms - expected_iat_ms; int relative_delay; diff --git a/modules/audio_coding/neteq/merge.cc b/modules/audio_coding/neteq/merge.cc index f1f2cc97e3..5bf239bfc5 100644 --- a/modules/audio_coding/neteq/merge.cc +++ b/modules/audio_coding/neteq/merge.cc @@ -50,6 +50,9 @@ size_t Merge::Process(int16_t* input, assert(fs_hz_ == 8000 || fs_hz_ == 16000 || fs_hz_ == 32000 || fs_hz_ == 48000); assert(fs_hz_ <= kMaxSampleRate); // Should not be possible. + if (input_length == 0) { + return 0; + } size_t old_length; size_t expand_period;