From 3aaf2ca833ced76851547bb52a90b14586d35526 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Br=C3=BCning?=
Date: Tue, 26 Mar 2019 16:14:57 +0100
Subject: [Backport] Security bug 906739
Backport of original patch by Sam Zackrisson : Change the type of indW32 back to int32_t It was changed to size_t in https://codereview.webrtc.org/1227163003, which makes sense if the pitch lags in the code are also guaranteed to be non-negative. Otherwise, integer wraparounds may happen, which causes the code to circumvent the check for too low values here: https://cs.chromium.org/chromium/src/third_party/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c?q=webrtcisacfix_pitchfilter&sq=package:chromium&g=0&l=112
Bug: chromium:906379
Change-Id: Ia9711fdba80f091f86230cc84629406500e8e232
Reviewed-on: https://webrtc-review.googlesource.com/c/113810
Reviewed-by: Allan Sandfeld Jensen
---
 .../webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chromium/third_party/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c b/chromium/third_party/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c
index e565e8564b1..56187e48308 100644
--- a/chromium/third_party/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c
+++ b/chromium/third_party/webrtc/modules/audio_coding/codecs/isac/fix/source/pitch_filter.c
@@ -9,7 +9,6 @@
 */

 #include "modules/audio_coding/codecs/isac/fix/source/pitch_estimator.h"
-
 #include "common_audio/signal_processing/include/signal_processing_library.h"
 #include "modules/audio_coding/codecs/isac/fix/source/settings.h"
 #include "modules/audio_coding/codecs/isac/fix/source/structs.h"
@@ -55,7 +54,8 @@ void WebRtcIsacfix_PitchFilter(int16_t* indatQQ, // Q10 if type is 1 or 4,
 const int16_t Gain = 21299; // 1.3 in Q14
 int16_t oldLagQ7;
 int16_t oldGainQ12, lagdeltaQ7, curLagQ7, gaindeltaQ12, curGainQ12;
- size_t indW32 = 0, frcQQ = 0;
+ size_t frcQQ = 0;
+ int32_t indW32 = 0
 const int16_t* fracoeffQQ = NULL;

 // Assumptions in ARM assembly for WebRtcIsacfix_PitchFilterCoreARM().
-- 
cgit v1.2.1
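Review bot: The added declaration `int32_t indW32 = 0` has no terminating semicolon before the unchanged `const int16_t* fracoeffQQ = NULL;` line, so as printed the file would not compile; it should read `int32_t indW32 = 0;` (disregard if the character was lost when the page was rendered). Because the signedness is the whole fix, I would pin it next to the declaration with a comment such as `// Signed on purpose: pitch lags may be negative, and an unsigned index wraps past the too-low check.` The rest of WebRtcIsacfix_PitchFilter lies outside this hunk, so it is worth confirming that no expression there combines indW32 with the still-unsigned `frcQQ` or another size_t, since the usual arithmetic conversions would make the result unsigned again. The subject cites bug 906739 while the trailer cites chromium:906379; one of the two looks transposed and should be reconciled for tracking.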