Fix fuzzer-found undefined behavior in webrtc_cng The computation (x-127) << 8 is undefined for x < 127. This CL replaces the shift with a multiplication: (x-127) * (1 << 8) Bug: chromium:793201 Change-Id: I38b40bd88300208a0bfbbd8fe144b0a5b51a48ed Reviewed-on: https://webrtc-review.googlesource.com/31800 Commit-Queue: Sam Zackrisson <saza@webrtc.org> Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org> Cr-Commit-Position: refs/heads/master@{#21205}

commit: 32c6ae249fb879d75de119bc63b9a16f9f14bdca [log] [tgz]
author: Sam Zackrisson <saza@webrtc.org> Mon Dec 11 11:44:25 2017 +0100
committer: Commit Bot <commit-bot@chromium.org> Mon Dec 11 12:47:25 2017 +0000
tree: 7a44b4a13632fb9db44c540f4e03cb28b77df381
parent: 655e1967ea0492812a35b60f0ffef6f9224421d1 [diff]
diff --git a/modules/audio_coding/codecs/cng/webrtc_cng.cc b/modules/audio_coding/codecs/cng/webrtc_cng.cc
index 8b8e57e..bd17a61 100644
--- a/modules/audio_coding/codecs/cng/webrtc_cng.cc
+++ b/modules/audio_coding/codecs/cng/webrtc_cng.cc

@@ -99,7 +99,7 @@
     }
   } else {
     for (size_t i = 0; i < (dec_order_); i++) {
-      refCs[i] = (sid[i + 1] - 127) << 8; /* Q7 to Q15. */
+      refCs[i] = (sid[i + 1] - 127) * (1 << 8); /* Q7 to Q15. */
       dec_target_reflCoefs_[i] = refCs[i];
     }
   }
commit	32c6ae249fb879d75de119bc63b9a16f9f14bdca	[log] [tgz]
author	Sam Zackrisson <saza@webrtc.org>	Mon Dec 11 11:44:25 2017 +0100
committer	Commit Bot <commit-bot@chromium.org>	Mon Dec 11 12:47:25 2017 +0000
tree	7a44b4a13632fb9db44c540f4e03cb28b77df381
parent	655e1967ea0492812a35b60f0ffef6f9224421d1 [diff]