From patchwork Sat Dec 2 17:36:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew D'Addesio X-Patchwork-Id: 6508 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.161.94 with SMTP id m30csp2566404jah; Sat, 2 Dec 2017 09:45:10 -0800 (PST) X-Google-Smtp-Source: AGs4zMaovkVfPWvQDhXKjCq0YnLwS8IRnnrJ/ehHz/u5xe+jUO5G8SMI+lbou7fERUyDh6QHGu4M X-Received: by 10.223.133.149 with SMTP id 21mr2023080wrt.266.1512236710803; Sat, 02 Dec 2017 09:45:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512236710; cv=none; d=google.com; s=arc-20160816; b=bObHmsnCB84GXnWETs507YF8KOS7R9hOGMwrKcAmXgQ3gPKOsOi93qUjWVSJ1vPVeC ErXgOtwPnJeIhLCWxuTbe2UY/heit05RB2Cg/KJ9dwR0fXMoMHGGhvGQelYAZPwpWj1S 7ub7Y/HEtzBkpZnRfM4KbWiR1pxKF4C62CqXLw8+cGkj1aW4jjyys6ISL7wxXFvPPtHZ WcStJKkE61K8Xn8Qx5m6S8zTs7fpejPyA9P9UQZ2GdBed2ziqLY+grzrzca2Y+4gW1R5 XUCQZ57nZJm+jx4k0jpg80OtzUxU1jV/z44zRPN+VBe+7c0llx1pVheAzXI5AucEjRAn PFXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to:arc-authentication-results; bh=fVIBqJkMLnS1GgFdc0XFe5LjqCkJnu5VL+ulErNmipo=; b=YDnj7pBuVI+WbX+EptH2npFetHhHLwtnzcU6twIcLNsyha935aaei+80xpDM9TN9hB 9R9NskBBHU1LtUEmCivB5z95eyqNqCc2RwGKxapmykjkC2LhSn4nLbQFn+HPyv5gebwQ 00/BsqH6s8DgjHnl36WtScLPpoPDRs7AKPy/7lKk+nUCuk/fBS4xxTV+8Pw9X8orolld FU2YVsV1zjeuFTpgyHvbtD0dBPt1M6lIP1dLyy9m7zzSvyV9lIhEI31Rv9efJpYr4SJv 1G4B3wtM4vH56fvMjgWWi93qPy0Oqm8Ff1aQhRe9TXEolnOm5UqhFo/x7uOpaa6+UftD 7apA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=ASzf59Sz; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id o6si7152987wrh.425.2017.12.02.09.45.10; Sat, 02 Dec 2017 09:45:10 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=ASzf59Sz; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A46D668A547; Sat, 2 Dec 2017 19:45:05 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ot0-f196.google.com (mail-ot0-f196.google.com [74.125.82.196]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C203D680296 for ; Sat, 2 Dec 2017 19:44:58 +0200 (EET) Received: by mail-ot0-f196.google.com with SMTP id s4so11610582ote.4 for ; Sat, 02 Dec 2017 09:45:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8a2Io8wVoahHDyz+RdlPN5eJKqc4Z1MYaqJ1/47UlyE=; b=ASzf59SzgbEMAChEuVDkb2lm8d+dyTZAuT0Xl4G9ihZ+GprCbhjQZmsXrfvAikNtWL p0HeCRiCuf4nXUOb+TXGSLcVuWbSAJ1sJuX6WfD+dwl64uvBojBD0FXbWiIV8q2DnhVs Gvq7vFr5z2ct5sRL5tvFc47cRWVPzLFHZ8vVqERHJMLDzDFMfuySYnuRGJXZcWcvFj9M aMeqZLu32hUyXtUnOrYRRWCB0UgCFG8CMKGO1Ksv/pwJR7fEQFkk3l9ERJKT4VClxrse IFH3+3bnCGM4oKz9lJ8tzYB6d/AMVkHOCdv4Hm4erXcRDbt19qO9aHBja9PUfb/Hfp4T CY3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8a2Io8wVoahHDyz+RdlPN5eJKqc4Z1MYaqJ1/47UlyE=; b=NRhTmPwnOb/bPaYmPHnhY/Kp8tzwQUQKVl3srUt+4Ywa6vJK1KfGBO8ULrLUEupuAJ vIE13s5h4nYHJiFMWkg+6F9wv/e5UZ+vPzLmLL5lz7bWR/va9qswcXqpNdd8OtlSubZ9 jtnjP0nG/YJkrvfsUKJ+4F0vsO2rr8K6Q2cDfYF4XvwwZtfK4c52s5uzHYp678VIUPck o7mfrmHVfxTS5l4n8pmWP8wY0rrqWMxCCay/MPD2ma8QWf6/c/SoUKcv/do8IKlfMKtL 748J1banp7BIhojEqxqFzdjybn4BmaXlVMiWFoOk9CxmLGPKrdOIpBbyUazdmxYmosnG 3rFQ== X-Gm-Message-State: AJaThX6GEKjdvN6m9rdDx8iqe1ewKj7klkSjJ0qhOVcgicPRFm98V8xB NzuBCn/TmkrxKlZfv/29cTZF/Q== X-Received: by 10.157.3.21 with SMTP id 21mr11724711otv.165.1512236221628; Sat, 02 Dec 2017 09:37:01 -0800 (PST) Received: from localhost.localdomain ([2605:6000:1019:4a8:80a0:1945:efcc:4de5]) by smtp.gmail.com with ESMTPSA id s101sm4180379ota.17.2017.12.02.09.37.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 02 Dec 2017 09:37:01 -0800 (PST) From: Andrew D'Addesio To: ffmpeg-devel@ffmpeg.org Date: Sat, 2 Dec 2017 11:36:25 -0600 Message-Id: <20171202173627.5292-2-modchipv12@gmail.com> X-Mailer: git-send-email 2.15.1.windows.2 In-Reply-To: <20171202173627.5292-1-modchipv12@gmail.com> References: <20171202173627.5292-1-modchipv12@gmail.com> Subject: [FFmpeg-devel] [PATCH 2/4] opus: Fix arithmetic overflows (per RFC8251) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andrew D'Addesio MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The relevant sections from the RFC are: Sec.6. Integer Wrap-Around in Inverse Gain Computation 32-bit integer overflow in Levinson recursion. Affects silk_is_lpc_stable(). Sec.8. Cap on Band Energy NaN due to large log-energy value. Affects celt_denormalize(). Signed-off-by: Andrew D'Addesio --- libavcodec/opus_celt.c | 3 ++- libavcodec/opus_silk.c | 11 +++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/libavcodec/opus_celt.c b/libavcodec/opus_celt.c index 84d4847..ff56041 100644 --- a/libavcodec/opus_celt.c +++ b/libavcodec/opus_celt.c @@ -481,7 +481,8 @@ static void celt_denormalize(CeltFrame *f, CeltBlock *block, float *data) for (i = f->start_band; i < f->end_band; i++) { float *dst = data + (ff_celt_freq_bands[i] << f->size); - float norm = exp2f(block->energy[i] + ff_celt_mean_energy[i]); + float log_norm = block->energy[i] + ff_celt_mean_energy[i]; + float norm = exp2f(FFMIN(log_norm, 32.0f)); for (j = 0; j < ff_celt_freq_range[i] << f->size; j++) dst[j] *= norm; diff --git a/libavcodec/opus_silk.c b/libavcodec/opus_silk.c index 3c9c849..344333c 100644 --- a/libavcodec/opus_silk.c +++ b/libavcodec/opus_silk.c @@ -185,8 +185,15 @@ static inline int silk_is_lpc_stable(const int16_t lpc[16], int order) row = lpc32[k & 1]; for (j = 0; j < k; j++) { - int x = prevrow[j] - ROUND_MULL(prevrow[k - j - 1], rc, 31); - row[j] = ROUND_MULL(x, gain, fbits); + int x = av_sat_sub32(prevrow[j], ROUND_MULL(prevrow[k - j - 1], rc, 31)); + int64_t tmp = ROUND_MULL(x, gain, fbits); + + /* per RFC 8251 section 6, if this calculation overflows, the filter + is considered unstable. */ + if (tmp < INT32_MIN || tmp > INT32_MAX) + return 0; + + row[j] = (int32_t)tmp; } } }