ref: cc3405045567b70e816e91e9f130b8d8fff36d19
parent: 363924ee7f9908c4f6410b28a62574edc7bc8431
author: Koen Vos <[email protected]>
date: Wed Sep 21 10:50:17 EDT 2011
Fixes an integer overflow caused by uninitialized values in LTP scaling
--- a/silk/Inlines.h
+++ b/silk/Inlines.h
@@ -159,7 +159,7 @@
result = silk_LSHIFT(b32_inv, 16); /* Q: 61 - b_headrm */
/* Compute residual by subtracting product of denominator and first approximation from one */
- err_Q32 = silk_LSHIFT( (1<<29)-silk_SMULWB(b32_nrm, b32_inv), 3 ); /* Q32 */
+ err_Q32 = silk_LSHIFT( (1<<29) - silk_SMULWB(b32_nrm, b32_inv), 3 ); /* Q32 */
/* Refinement */
result = silk_SMLAWW(result, err_Q32, b32_inv); /* Q: 61 - b_headrm */
--- a/silk/MacroDebug.h
+++ b/silk/MacroDebug.h
@@ -25,13 +25,13 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
***********************************************************************/
-#ifndef _SIGPROCFIX_API_DEBUG_H_
-#define _SIGPROCFIX_API_DEBUG_H_
+#ifndef _MACRO_DEBUG_H_
+#define _MACRO_DEBUG_H_
-/* Redefine macro functions with extensive assertion in Win32_DEBUG mode.
- As function can't be undefined, this file can't work with SigProcFIX_MacroCount.h */
+/* Redefine macro functions with extensive assertion in DEBUG mode.
+ As functions can't be undefined, this file can't work with SigProcFIX_MacroCount.h */
-#if 0 && defined (_WIN32) && defined (_DEBUG) && !defined (silk_MACRO_COUNT)
+#if 0 && defined (_DEBUG) && !defined (silk_MACRO_COUNT)
#undef silk_ADD16
static inline opus_int16 silk_ADD16(opus_int16 a, opus_int16 b){@@ -161,7 +161,7 @@
#undef silk_MUL
static inline opus_int32 silk_MUL(opus_int32 a32, opus_int32 b32){opus_int32 ret;
- opus_int64 ret64; /* Will easily show how many bits that are needed */
+ opus_int64 ret64;
ret = a32 * b32;
ret64 = (opus_int64)a32 * (opus_int64)b32;
silk_assert((opus_int64)ret == ret64 ); /* Check output overflow */
@@ -291,7 +291,7 @@
return ret;
}
-/* multiply-accumulate macros that allow overflow in the addition (ie, no asserts in debug mode) */
+/* Multiply-accumulate macros that allow overflow in the addition (ie, no asserts in debug mode) */
#undef silk_MLA_ovflw
#define silk_MLA_ovflw(a32, b32, c32) ((a32) + ((b32) * (c32)))
#undef silk_SMLABB_ovflw
@@ -549,4 +549,4 @@
*/
#endif
-#endif
+#endif /* _MACRO_DEBUG_H_ */
--- a/silk/NSQ.c
+++ b/silk/NSQ.c
@@ -41,7 +41,8 @@
opus_int subfr, /* I subframe number */
const opus_int LTP_scale_Q14, /* I */
const opus_int32 Gains_Q16[ MAX_NB_SUBFR ], /* I */
- const opus_int pitchL[ MAX_NB_SUBFR ] /* I */
+ const opus_int pitchL[ MAX_NB_SUBFR ], /* I Pitch lag */
+ const opus_int signal_type /* I Signal type */
);
static inline void silk_noise_shape_quantizer(
@@ -141,7 +142,7 @@
}
}
- silk_nsq_scale_states( psEncC, NSQ, x, x_sc_Q10, sLTP, sLTP_Q16, k, LTP_scale_Q14, Gains_Q16, pitchL );
+ silk_nsq_scale_states( psEncC, NSQ, x, x_sc_Q10, sLTP, sLTP_Q16, k, LTP_scale_Q14, Gains_Q16, pitchL, psIndices->signalType );
silk_noise_shape_quantizer( NSQ, psIndices->signalType, x_sc_Q10, pulses, pxq, sLTP_Q16, A_Q12, B_Q14,
AR_shp_Q13, lag, HarmShapeFIRPacked_Q14, Tilt_Q14[ k ], LF_shp_Q14[ k ], Gains_Q16[ k ], Lambda_Q10,
@@ -162,7 +163,6 @@
#ifdef SAVE_ALL_INTERNAL_DATA
DEBUG_STORE_DATA( xq.dat, &pxq[ -psEncC->frame_length ], psEncC->frame_length * sizeof( opus_int16 ) );
DEBUG_STORE_DATA( q.dat, &pulses[ -psEncC->frame_length ], psEncC->frame_length * sizeof( opus_int8 ) );
- DEBUG_STORE_DATA( sLTP_Q16.dat, &sLTP_Q16[ psEncC->ltp_mem_length ], psEncC->frame_length * sizeof( opus_int32 ) );
#endif
}
@@ -370,7 +370,8 @@
opus_int subfr, /* I subframe number */
const opus_int LTP_scale_Q14, /* I */
const opus_int32 Gains_Q16[ MAX_NB_SUBFR ], /* I */
- const opus_int pitchL[ MAX_NB_SUBFR ] /* I */
+ const opus_int pitchL[ MAX_NB_SUBFR ], /* I Pitch lag */
+ const opus_int signal_type /* I Signal type */
)
{opus_int i, lag;
@@ -403,7 +404,7 @@
}
/* Scale long-term prediction state */
- if( NSQ->rewhite_flag == 0 ) {+ if( signal_type == TYPE_VOICED && NSQ->rewhite_flag == 0 ) { for( i = NSQ->sLTP_buf_idx - lag - LTP_ORDER / 2; i < NSQ->sLTP_buf_idx; i++ ) {sLTP_Q16[ i ] = silk_SMULWW( gain_adj_Q16, sLTP_Q16[ i ] );
}
--- a/silk/NSQ_del_dec.c
+++ b/silk/NSQ_del_dec.c
@@ -67,7 +67,9 @@
opus_int smpl_buf_idx, /* I Index to newest samples in buffers */
const opus_int LTP_scale_Q14, /* I LTP state scaling */
const opus_int32 Gains_Q16[ MAX_NB_SUBFR ], /* I */
- const opus_int pitchL[ MAX_NB_SUBFR ] /* I Pitch lag */
+ const opus_int pitchL[ MAX_NB_SUBFR ], /* I Pitch lag */
+ const opus_int signal_type, /* I Signal type */
+ const opus_int decisionDelay /* I Decision delay */
);
/******************************************/
@@ -241,7 +243,7 @@
}
silk_nsq_del_dec_scale_states( psEncC, NSQ, psDelDec, x, x_sc_Q10, sLTP, sLTP_Q16, k,
- psEncC->nStatesDelayedDecision, smpl_buf_idx, LTP_scale_Q14, Gains_Q16, pitchL );
+ psEncC->nStatesDelayedDecision, smpl_buf_idx, LTP_scale_Q14, Gains_Q16, pitchL, psIndices->signalType, decisionDelay );
silk_noise_shape_quantizer_del_dec( NSQ, psDelDec, psIndices->signalType, x_sc_Q10, pulses, pxq, sLTP_Q16,
delayedGain_Q16, A_Q12, B_Q14, AR_shp_Q13, lag, HarmShapeFIRPacked_Q14, Tilt_Q14[ k ], LF_shp_Q14[ k ],
@@ -273,7 +275,6 @@
pxq[ i - decisionDelay ] = ( opus_int16 )silk_SAT16( silk_RSHIFT_ROUND(
silk_SMULWW( psDD->Xq_Q10[ last_smple_idx ], Gains_Q16[ psEncC->nb_subfr - 1 ] ), 10 ) );
NSQ->sLTP_shp_Q10[ NSQ->sLTP_shp_buf_idx - decisionDelay + i ] = psDD->Shape_Q10[ last_smple_idx ];
- sLTP_Q16[ NSQ->sLTP_buf_idx - decisionDelay + i ] = psDD->Pred_Q16[ last_smple_idx ];
}
silk_memcpy( NSQ->sLPC_Q14, &psDD->sLPC_Q14[ psEncC->subfr_length ], NSQ_LPC_BUF_LENGTH * sizeof( opus_int32 ) );
silk_memcpy( NSQ->sAR2_Q14, psDD->sAR2_Q14, sizeof( psDD->sAR2_Q14 ) );
@@ -289,7 +290,6 @@
#ifdef SAVE_ALL_INTERNAL_DATA
DEBUG_STORE_DATA( xq.dat, &pxq[ -psEncC->frame_length ], psEncC->frame_length * sizeof( opus_int16 ) );
DEBUG_STORE_DATA( q.dat, &pulses[ -psEncC->frame_length ], psEncC->frame_length * sizeof( opus_int8 ) );
- DEBUG_STORE_DATA( sLTP_Q16.dat, &sLTP_Q16[ psEncC->ltp_mem_length ], psEncC->frame_length * sizeof( opus_int32 ) );
#endif
}
@@ -613,7 +613,9 @@
opus_int smpl_buf_idx, /* I Index to newest samples in buffers */
const opus_int LTP_scale_Q14, /* I LTP state scaling */
const opus_int32 Gains_Q16[ MAX_NB_SUBFR ], /* I */
- const opus_int pitchL[ MAX_NB_SUBFR ] /* I Pitch lag */
+ const opus_int pitchL[ MAX_NB_SUBFR ], /* I Pitch lag */
+ const opus_int signal_type, /* I Signal type */
+ const opus_int decisionDelay /* I Decision delay */
)
{opus_int i, k, lag;
@@ -647,8 +649,8 @@
}
/* Scale long-term prediction state */
- if( NSQ->rewhite_flag == 0 ) {- for( i = NSQ->sLTP_buf_idx - lag - LTP_ORDER / 2; i < NSQ->sLTP_buf_idx; i++ ) {+ if( signal_type == TYPE_VOICED && NSQ->rewhite_flag == 0 ) {+ for( i = NSQ->sLTP_buf_idx - lag - LTP_ORDER / 2; i < NSQ->sLTP_buf_idx - decisionDelay; i++ ) {sLTP_Q16[ i ] = silk_SMULWW( gain_adj_Q16, sLTP_Q16[ i ] );
}
}
--- a/silk/SigProc_FIX.h
+++ b/silk/SigProc_FIX.h
@@ -446,8 +446,8 @@
(just standard two's complement implementation-specific behaviour) */
#define silk_ADD32_ovflw(a, b) ((opus_int32)((opus_uint32)(a) + (opus_uint32)(b)))
-/* multiply-accumulate macros that allow overflow in the addition (ie, no asserts in debug mode)*/
-#define silk_MLA_ovflw(a32, b32, c32) silk_ADD32_ovflw((a32),(opus_uint32)(b32) * (opus_uint32)(c32))
+/* Multiply-accumulate macros that allow overflow in the addition (ie, no asserts in debug mode)*/
+#define silk_MLA_ovflw(a32, b32, c32) silk_ADD32_ovflw((a32), (opus_uint32)(b32) * (opus_uint32)(c32))
#ifndef silk_SMLABB_ovflw
# define silk_SMLABB_ovflw(a32, b32, c32) silk_ADD32_ovflw((a32), (opus_int32)((opus_int16)(b32)) * (opus_int32)((opus_int16)(c32)))
#endif