ref: a6595e6201064f34d1795be4e8d1412e426b233b
parent: 7c49ad0c5b1cd5ee830f449a34cc32b469db3cee
author: Mark Harris <[email protected]>
date: Wed Oct 7 05:21:23 EDT 2015
Extra safety against NaNs in surround_analysis() Fix out-of-bounds memory read in multichannel surround analysis with float input that contains NaNs. Found by afl-fuzz. Signed-off-by: Jean-Marc Valin <[email protected]>
--- a/src/opus_multistream_encoder.c
+++ b/src/opus_multistream_encoder.c
@@ -202,7 +202,7 @@
max = b;
diff = SUB32(EXTEND32(b),EXTEND32(a));
}
- if (diff >= QCONST16(8.f, DB_SHIFT))
+ if (!(diff < QCONST16(8.f, DB_SHIFT))) /* inverted to catch NaNs */
return max;
#ifdef FIXED_POINT
low = SHR32(diff, DB_SHIFT-1);