diff options
author | Henrik Lundin <henrik.lundin@webrtc.org> | 2022-02-15 15:13:34 +0000 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2022-04-14 06:18:42 +0000 |
commit | 10b76c2e9f1534de69ec703f7cd10c7ac5b2b27f (patch) | |
tree | c2c7c6dff7fb667e06a388d43b542ded30d3f461 | |
parent | 463ed6fcd0560adc3614c743c4c51020bd7eb5f2 (diff) | |
download | qtwebengine-chromium-10b76c2e9f1534de69ec703f7cd10c7ac5b2b27f.tar.gz |
[Backport] Security bug 1280852
Adding fuzzer for PCM16b decoder and fixing a fuzzer problem
Backport review link:
https://webrtc-review.googlesource.com/c/src/+/251580
Bug: chromium:1280852
Change-Id: I732d44ddcd7b4c25c9c09932254820ab6cc85c46
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/webrtc/modules/audio_coding/codecs/pcm16b/audio_decoder_pcm16b.cc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/chromium/third_party/webrtc/modules/audio_coding/codecs/pcm16b/audio_decoder_pcm16b.cc b/chromium/third_party/webrtc/modules/audio_coding/codecs/pcm16b/audio_decoder_pcm16b.cc index 1dd2ff289ee..7761efe8b3b 100644 --- a/chromium/third_party/webrtc/modules/audio_coding/codecs/pcm16b/audio_decoder_pcm16b.cc +++ b/chromium/third_party/webrtc/modules/audio_coding/codecs/pcm16b/audio_decoder_pcm16b.cc @@ -42,7 +42,12 @@ int AudioDecoderPcm16B::DecodeInternal(const uint8_t* encoded, int16_t* decoded, SpeechType* speech_type) { RTC_DCHECK_EQ(sample_rate_hz_, sample_rate_hz); - size_t ret = WebRtcPcm16b_Decode(encoded, encoded_len, decoded); + // Adjust the encoded length down to ensure the same number of samples in each + // channel. + const size_t encoded_len_adjusted = + PacketDuration(encoded, encoded_len) * 2 * + Channels(); // 2 bytes per sample per channel + size_t ret = WebRtcPcm16b_Decode(encoded, encoded_len_adjusted, decoded); *speech_type = ConvertSpeechType(1); return static_cast<int>(ret); } |