diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 14:13:10 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-14 14:43:14 +0000 |
| commit | 9312eb97bf60f252daf5a9f875ba36130e40503a (patch) | |
| tree | 9ce94f9f24de06bc5bf8a9367c62153daf5f8afb | |
| parent | d0e61ebba34651a67e52dad84604f9623d7b5b96 (diff) | |
| download | qtwebengine-chromium-9312eb97bf60f252daf5a9f875ba36130e40503a.tar.gz | |
[Backport] Security issue 986727 [1/2]
Fix NEON optimizations overrun buffer due to improper termination condition
(cherry picked from commit 2152a810537c819e0ecb4375aeeb53319489565f)
Bug: 986727
Change-Id: Ic5dac9ca94c4ab6bb66586ed512c74f6abfa049e
Commit-Queue: Felicia Lim <flim@chromium.org>
Reviewed-by: James Zern <jzern@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#685675}
Reviewed-by: Felicia Lim <flim@chromium.org>
Cr-Commit-Position: refs/branch-heads/3865@{#861}
Cr-Branched-From: 0cdcc6158160790658d1f033d3db873603250124-refs/heads/master@{#681094}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
| -rw-r--r-- | chromium/third_party/opus/README.chromium | 2 | ||||
| -rw-r--r-- | chromium/third_party/opus/src/silk/fixed/arm/warped_autocorrelation_FIX_neon_intr.c | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/chromium/third_party/opus/README.chromium b/chromium/third_party/opus/README.chromium index 8bd3197af27..53f074b65fd 100644 --- a/chromium/third_party/opus/README.chromium +++ b/chromium/third_party/opus/README.chromium @@ -20,3 +20,5 @@ Local changes: * Make sure HB_gain is not NaN in an attempt to fix chromium:826914 * Saturate add to avoid int overflow to fix chromium:842528. This should be reverted when updating to v1.3 +* Fix NEON optimizations overrun buffer due to improper termination condition + (https://chromium-review.googlesource.com/c/chromium/src/+/1746617) diff --git a/chromium/third_party/opus/src/silk/fixed/arm/warped_autocorrelation_FIX_neon_intr.c b/chromium/third_party/opus/src/silk/fixed/arm/warped_autocorrelation_FIX_neon_intr.c index 00a70cb51ff..79f4c942ac6 100644 --- a/chromium/third_party/opus/src/silk/fixed/arm/warped_autocorrelation_FIX_neon_intr.c +++ b/chromium/third_party/opus/src/silk/fixed/arm/warped_autocorrelation_FIX_neon_intr.c @@ -172,7 +172,7 @@ void silk_warped_autocorrelation_FIX_neon( state_QS_s32x4[ 0 ][ 1 ] = calc_state( state_QS_s32x4[ 0 ][ 1 ], state_QS_s32x4[ 2 ][ 1 ], state_QS_s32x4[ 1 ][ 1 ], warping_Q16_s32x4 ); state_QS_s32x4[ 1 ][ 0 ] = state_QS_s32x4[ 2 ][ 0 ]; state_QS_s32x4[ 1 ][ 1 ] = state_QS_s32x4[ 2 ][ 1 ]; - } while( ++n < ( length + order ) ); + } while( ++n < ( length + order - 3 ) ); in = state; o -= 8; } while( o > 4 ); |