"Fix" signed integer overflow in old code
It's safe to ignore this overflow since it only affects audio data,
not indices or anything like that.
Bug: chromium:835637
Change-Id: I60162e4627b08d5e3ba3a21fdae8087f098c7e46
Reviewed-on: https://webrtc-review.googlesource.com/72701
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Commit-Queue: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23030}
diff --git a/modules/audio_coding/codecs/ilbc/cb_construct.c b/modules/audio_coding/codecs/ilbc/cb_construct.c
index e2ae361..1e9a704 100644
--- a/modules/audio_coding/codecs/ilbc/cb_construct.c
+++ b/modules/audio_coding/codecs/ilbc/cb_construct.c
@@ -21,6 +21,15 @@
#include "modules/audio_coding/codecs/ilbc/defines.h"
#include "modules/audio_coding/codecs/ilbc/gain_dequant.h"
#include "modules/audio_coding/codecs/ilbc/get_cd_vec.h"
+#include "rtc_base/sanitizer.h"
+
+// An arithmetic operation that is allowed to overflow. (It's still undefined
+// behavior, so not a good idea; this just makes UBSan ignore the violation, so
+// that our old code can continue to do what it's always been doing.)
+static inline int32_t RTC_NO_SANITIZE("signed-integer-overflow")
+ OverflowingAddS32S32ToS32(int32_t a, int32_t b) {
+ return a + b;
+}
/*----------------------------------------------------------------*
* Construct decoded vector from codebook and gains.
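Review bot: `OverflowingAddS32S32ToS32` still evaluates `a + b` on signed operands, so the overflow remains undefined behaviour; `RTC_NO_SANITIZE` only stops UBSan from reporting it, and an optimizer may still assume the sum never wraps. If two's-complement wrapping is the legacy behaviour being preserved, doing the addition in unsigned arithmetic gives that result without the undefined behaviour (only the conversion back is implementation-defined): `return (int32_t)((uint32_t)a + (uint32_t)b);`. With that form the sanitizer exemption would likely no longer be needed. Whichever form is kept, the comment above the helper should name the call site and the condition that reaches the overflow, since the bug reference appears only in the commit message.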
@@ -62,7 +71,7 @@
for (j=0;j<veclen;j++) {
a32 = (*gainPtr++) * cbvec0[j];
a32 += (*gainPtr++) * cbvec1[j];
- a32 += (*gainPtr) * cbvec2[j];
+ a32 = OverflowingAddS32S32ToS32(a32, (*gainPtr) * cbvec2[j]);
gainPtr -= 2;
decvector[j] = (int16_t)((a32 + 8192) >> 14);
}
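Review bot: Only the third accumulation on the changed line goes through the exempted helper. The line `a32 += (*gainPtr++) * cbvec1[j];` just above it and the rounding add in `(a32 + 8192) >> 14` are still plain signed additions. Once the sum is allowed to wrap, `a32` can presumably be close to the int32 limits, so `a32 + 8192` may overflow too, and UBSan would report that one. Either route those additions through the same helper or add a comment such as `// Only this add was seen to overflow (chromium:835637); the others are assumed to stay in range.` The loop's enclosing function starts and ends outside the hunk, so the operand types and value ranges cannot be confirmed from here.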