Fix for 3 NetEq fuzzer issues.
I was not able to reproduce chromium:1146676 locally, so the change in merge.cc is a speculative fix.
Bug: chromium:1146835, chromium:1146676, chromium:1137226
Change-Id: I14472ba5b41e58b2d5f27d9833249c14505af18f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/194264
Commit-Queue: Ivo Creusen <ivoc@webrtc.org>
Reviewed-by: Henrik Lundin <henrik.lundin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32759}
diff --git a/modules/audio_coding/neteq/cross_correlation.cc b/modules/audio_coding/neteq/cross_correlation.cc
index 2a03d4a..895fea3 100644
--- a/modules/audio_coding/neteq/cross_correlation.cc
+++ b/modules/audio_coding/neteq/cross_correlation.cc
@@ -38,19 +38,9 @@
// In order to avoid overflow when computing the sum we should scale the
// samples so that (in_vector_length * max_1 * max_2) will not overflow.
- // Expected scaling fulfills
- // 1) sufficient:
- // sequence_1_length * (max_1 * max_2 >> scaling) <= 0x7fffffff;
- // 2) necessary:
- // if (scaling > 0)
- // sequence_1_length * (max_1 * max_2 >> (scaling - 1)) > 0x7fffffff;
- // The following calculation fulfills 1) and almost fulfills 2).
- // There are some corner cases that 2) is not satisfied, e.g.,
- // max_1 = 17, max_2 = 30848, sequence_1_length = 4095, in such case,
- // optimal scaling is 0, while the following calculation results in 1.
- const int32_t factor =
- (max_1 * max_2) / (std::numeric_limits<int32_t>::max() /
- static_cast<int32_t>(sequence_1_length));
+ const int64_t max_value =
+ max_1 * max_2 * static_cast<int64_t>(sequence_1_length);
+ const int32_t factor = max_value >> 31;
const int scaling = factor == 0 ? 0 : 31 - WebRtcSpl_NormW32(factor);
WebRtcSpl_CrossCorrelation(cross_correlation, sequence_1, sequence_2,
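Review bot: In `max_1 * max_2 * static_cast<int64_t>(sequence_1_length)` the first product is evaluated in the operands' own type before anything is widened, so the 64-bit cast only protects the multiplication by the length. The declarations of `max_1` and `max_2` are outside the hunk; if they are 16-bit values the intermediate fits in `int`, but the expression would be safe whatever their type if written as `static_cast<int64_t>(max_1) * max_2 * static_cast<int64_t>(sequence_1_length)`. The assignment `const int32_t factor = max_value >> 31;` also narrows implicitly. Since the old derivation comment was removed, a one-line comment stating the bound on `max_value` that makes this narrowing safe would help the next reader. The enclosing function starts and ends outside the hunk.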
diff --git a/modules/audio_coding/neteq/delay_manager.cc b/modules/audio_coding/neteq/delay_manager.cc
index 33eeb96..aec80cf 100644
--- a/modules/audio_coding/neteq/delay_manager.cc
+++ b/modules/audio_coding/neteq/delay_manager.cc
@@ -158,7 +158,8 @@
}
const int expected_iat_ms =
- 1000 * static_cast<int32_t>(timestamp - last_timestamp_) / sample_rate_hz;
+ 1000ll * static_cast<int32_t>(timestamp - last_timestamp_) /
+ sample_rate_hz;
const int iat_ms = packet_iat_stopwatch_->ElapsedMs();
const int iat_delay_ms = iat_ms - expected_iat_ms;
int relative_delay;
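Review bot: The product widened by `1000ll` is narrowed straight back to `int` when it initialises `expected_iat_ms`, and the following `iat_ms - expected_iat_ms` is still a plain `int` subtraction. For a timestamp difference near the int32 limits the quotient may not fit in `int` if `sample_rate_hz` is small (any validation of it is outside the hunk), and the subtraction can overflow even when the quotient does fit. Consider keeping 64 bits through the subtraction, e.g. `const int64_t expected_iat_ms = ...;` and `const int64_t iat_delay_ms = iat_ms - expected_iat_ms;`, and clamping once where the value is consumed. How `iat_delay_ms` is used is not visible here, as the function continues past the hunk.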
diff --git a/modules/audio_coding/neteq/merge.cc b/modules/audio_coding/neteq/merge.cc
index f1f2cc9..5bf239b 100644
--- a/modules/audio_coding/neteq/merge.cc
+++ b/modules/audio_coding/neteq/merge.cc
@@ -50,6 +50,9 @@
assert(fs_hz_ == 8000 || fs_hz_ == 16000 || fs_hz_ == 32000 ||
fs_hz_ == 48000);
assert(fs_hz_ <= kMaxSampleRate); // Should not be possible.
+ if (input_length == 0) {
+ return 0;
+ }
size_t old_length;
size_t expand_period;
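Review bot: The new `if (input_length == 0)` guard has no comment, and the commit message calls the merge.cc change speculative, so a reader cannot tell what it protects against. A comment such as `// Nothing to merge; return before input_length is used below (speculative fix for chromium:1146676).` would record the intent. The early `return 0;` also leaves before the rest of the body runs, so it is worth confirming that callers accept a zero return with no output produced; the remainder of the function and its callers are outside the hunk. Note that the `assert` checks just above compile out under `NDEBUG`, so this guard is the only runtime check visible in the hunk.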