Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(350)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c

Issue 2144733007: Check for out-of-bounds access on |kIntrpCoef|. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@52
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (c) 2012 The WebRTC project authors. All Rights Reserved. 2 * Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after
111 indW32 = CalcLrIntQ(curLagQ7, 7); 111 indW32 = CalcLrIntQ(curLagQ7, 7);
112 if (indW32 < PITCH_FRACORDER - 2) { 112 if (indW32 < PITCH_FRACORDER - 2) {
113 // WebRtcIsacfix_PitchFilterCore requires indW32 >= PITCH_FRACORDER - 113 // WebRtcIsacfix_PitchFilterCore requires indW32 >= PITCH_FRACORDER -
114 // 2; otherwise, it will read from entries of ubufQQ that haven't been 114 // 2; otherwise, it will read from entries of ubufQQ that haven't been
115 // written yet. (This problem has only been seen in fuzzer tests, not 115 // written yet. (This problem has only been seen in fuzzer tests, not
116 // in real life.) See Chromium bug 581901. 116 // in real life.) See Chromium bug 581901.
117 indW32 = PITCH_FRACORDER - 2; 117 indW32 = PITCH_FRACORDER - 2;
118 } 118 }
119 frcQQ = ((indW32 << 7) + 64 - curLagQ7) >> 4; 119 frcQQ = ((indW32 << 7) + 64 - curLagQ7) >> 4;
120 120
121 if (frcQQ == PITCH_FRACS) { 121 if (frcQQ >= PITCH_FRACS) {
122 frcQQ = 0; 122 frcQQ = 0;
123 } 123 }
124 fracoeffQQ = kIntrpCoef[frcQQ]; 124 fracoeffQQ = kIntrpCoef[frcQQ];
125 125
126 // Pitch filtering. 126 // Pitch filtering.
127 WebRtcIsacfix_PitchFilterCore(PITCH_SUBFRAME_LEN / kSegments, curGainQ12, 127 WebRtcIsacfix_PitchFilterCore(PITCH_SUBFRAME_LEN / kSegments, curGainQ12,
128 indW32, sign, inystateQQ, ubufQQ, fracoeffQQ, indatQQ, outdatQQ, &ind); 128 indW32, sign, inystateQQ, ubufQQ, fracoeffQQ, indatQQ, outdatQQ, &ind);
129 } 129 }
130 } 130 }
131 131
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
184 esumxQQ = 1; 184 esumxQQ = 1;
185 185
186 // Same as function WebRtcIsacfix_PitchFilter(), we break the pitch 186 // Same as function WebRtcIsacfix_PitchFilter(), we break the pitch
187 // filtering into two for-loops (5 x 12) below. 187 // filtering into two for-loops (5 x 12) below.
188 for (cnt = 0; cnt < kSegments; cnt++) { 188 for (cnt = 0; cnt < kSegments; cnt++) {
189 // Update parameters for each segment. 189 // Update parameters for each segment.
190 curLagQ7 += lagdeltaQ7; 190 curLagQ7 += lagdeltaQ7;
191 indW16 = CalcLrIntQ(curLagQ7, 7); 191 indW16 = CalcLrIntQ(curLagQ7, 7);
192 frcQQ = ((indW16 << 7) + 64 - curLagQ7) >> 4; 192 frcQQ = ((indW16 << 7) + 64 - curLagQ7) >> 4;
193 193
194 if (frcQQ == PITCH_FRACS) { 194 if (frcQQ >= PITCH_FRACS) {
195 frcQQ = 0; 195 frcQQ = 0;
196 } 196 }
197 fracoeffQQ = kIntrpCoef[frcQQ]; 197 fracoeffQQ = kIntrpCoef[frcQQ];
198 198
199 pos3QQ = pos - (indW16 + 4); 199 pos3QQ = pos - (indW16 + 4);
200 200
201 for (n = 0; n < PITCH_SUBFRAME_LEN / kSegments; n++) { 201 for (n = 0; n < PITCH_SUBFRAME_LEN / kSegments; n++) {
202 // Filter to get fractional pitch. 202 // Filter to get fractional pitch.
203 203
204 tmpW32 = 0; 204 tmpW32 = 0;
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
239 } 239 }
240 gainsQ12[k] = (int16_t)WEBRTC_SPL_SAT(PITCH_MAX_GAIN_Q12, tmpW32, 0); 240 gainsQ12[k] = (int16_t)WEBRTC_SPL_SAT(PITCH_MAX_GAIN_Q12, tmpW32, 0);
241 } 241 }
242 242
243 // Export buffer and states. 243 // Export buffer and states.
244 memcpy(pfp->ubufQQ, ubufQQ + PITCH_FRAME_LEN, sizeof(pfp->ubufQQ)); 244 memcpy(pfp->ubufQQ, ubufQQ + PITCH_FRAME_LEN, sizeof(pfp->ubufQQ));
245 pfp->oldlagQ7 = lagsQ7[PITCH_SUBFRAMES - 1]; 245 pfp->oldlagQ7 = lagsQ7[PITCH_SUBFRAMES - 1];
246 pfp->oldgainQ12 = gainsQ12[PITCH_SUBFRAMES - 1]; 246 pfp->oldgainQ12 = gainsQ12[PITCH_SUBFRAMES - 1];
247 247
248 } 248 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698