As reported by ubsan.
---
I'm not sure they are all of them, but at least I fixed those I can
catch from the fate samples.
libavcodec/opus_celt.c | 43 +++++++++++++++++++++++++++----------------
libavcodec/opus_silk.c | 14 +++++++-------
2 files changed, 34 insertions(+), 23 deletions(-)
diff --git a/libavcodec/opus_celt.c b/libavcodec/opus_celt.c
index ff53b8c..3962fc9 100644
--- a/libavcodec/opus_celt.c
+++ b/libavcodec/opus_celt.c
@@ -503,9 +503,9 @@ static inline int celt_log2tan(int isin, int icos)
ls = opus_ilog(isin);
icos <<= 15 - lc;
isin <<= 15 - ls;
- return ((ls-lc) << 11)
- + ROUND_MUL16(isin, ROUND_MUL16(isin, -2597) + 7932)
- - ROUND_MUL16(icos, ROUND_MUL16(icos, -2597) + 7932);
+ return (ls << 11) - (lc << 11) +
+ ROUND_MUL16(isin, ROUND_MUL16(isin, -2597) + 7932) -
+ ROUND_MUL16(icos, ROUND_MUL16(icos, -2597) + 7932);
}
static inline uint32_t celt_rng(CeltContext *s)
@@ -728,14 +728,18 @@ static void celt_decode_allocation(CeltContext *s,
OpusRangeCoder *rc)
}
for (i = s->startband; i < s->endband; i++) {
- /* PVQ minimum allocation threshold; below this value, the band is
skipped */
- threshold[i] = FFMAX(3 * celt_freq_range[i] << s->duration << 3 >> 4,
+ int trim = alloctrim - 5 - s->duration;
+ int band = celt_freq_range[i] * (s->endband - i - 1);
+ int duration = s->duration + 3;
+ int scale = duration + s->coded_channels - 1;
+
+ /* PVQ minimum allocation threshold, below this value the band is
+ * skipped */
+ threshold[i] = FFMAX(3 * celt_freq_range[i] << duration >> 4,
s->coded_channels << 3);
- /* trim offset */
- trim_offset[i] = celt_freq_range[i] *
- (alloctrim - 5 - s->duration) * (s->endband - i - 1)
- << (s->duration+3) << (s->coded_channels - 1) >> 6;
+ trim_offset[i] = trim * (band << scale) >> 6;
+
if (celt_freq_range[i] << s->duration == 1)
trim_offset[i] -= s->coded_channels << 3;
}
@@ -896,8 +900,10 @@ static void celt_decode_allocation(CeltContext *s,
OpusRangeCoder *rc)
if (N > 1) {
int dof; // degrees of freedom
int temp; // dof * channels * log(dof)
- int offset; // fine energy quantization offset, i.e. extra
bits assigned
- // over the standard totalbits/dof
+ int offset; // fine energy quantization offset, i.e.
+ // extra bits assigned over the standard
+ // totalbits/dof
+ int fine_bits, max_bits;
extrabits = FFMAX(0, s->pulses[i] - cap[i]);
s->pulses[i] -= extrabits;
@@ -916,9 +922,13 @@ static void celt_decode_allocation(CeltContext *s,
OpusRangeCoder *rc)
else if (s->pulses[i] + offset < 3 * (dof<<3))
offset += temp >> 3;
- s->fine_bits[i] = av_clip((s->pulses[i] + offset + (dof<<2)) /
(dof<<3),
- 0, FFMIN((s->pulses[i]>>3) >>
(s->coded_channels - 1),
- CELT_MAX_FINE_BITS));
+ fine_bits = (s->pulses[i] + offset + (dof << 2)) / (dof << 3);
+ max_bits = FFMIN((s->pulses[i]>>3) >> (s->coded_channels - 1),
+ CELT_MAX_FINE_BITS);
+
+ max_bits = FFMAX(max_bits, 0);
+
+ s->fine_bits[i] = av_clip(fine_bits, 0, max_bits);
/* if fine_bits was rounded down or capped,
give priority for the final fine energy pass */
@@ -1407,7 +1417,7 @@ static unsigned int celt_decode_band(CeltContext *s,
OpusRangeCoder *rc,
int tell;
/* Decide on the resolution to give to the split parameter theta */
- pulse_cap = celt_log_freq_range[band] + (duration<<3);
+ pulse_cap = celt_log_freq_range[band] + duration * 8;
offset = (pulse_cap>>1) - (dualstereo && N == 2 ?
CELT_QTHETA_OFFSET_TWOPHASE :
CELT_QTHETA_OFFSET);
qn = (dualstereo && band >= s->intensitystereo) ? 1 :
@@ -1981,7 +1991,8 @@ int ff_celt_decode_frame(CeltContext *s, OpusRangeCoder
*rc,
s->duration = av_log2(frame_size / CELT_SHORT_BLOCKSIZE);
if (s->duration > CELT_MAX_LOG_BLOCKS ||
frame_size != CELT_SHORT_BLOCKSIZE * (1 << s->duration)) {
- av_log(s->avctx, AV_LOG_ERROR, "Invalid CELT frame size: %d\n",
frame_size);
+ av_log(s->avctx, AV_LOG_ERROR, "Invalid CELT frame size: %d\n",
+ frame_size);
return AVERROR_INVALIDDATA;
}
diff --git a/libavcodec/opus_silk.c b/libavcodec/opus_silk.c
index 9e1acd8..6d1abbf 100644
--- a/libavcodec/opus_silk.c
+++ b/libavcodec/opus_silk.c
@@ -875,7 +875,7 @@ static inline int silk_is_lpc_stable(const int16_t lpc[16],
int order)
/* initialize the first row for the Levinson recursion */
for (k = 0; k < order; k++) {
DC_resp += lpc[k];
- row[k] = lpc[k] << 12;
+ row[k] = lpc[k] * 4096;
}
if (DC_resp >= 4096)
@@ -892,7 +892,7 @@ static inline int silk_is_lpc_stable(const int16_t lpc[16],
int order)
if (FFABS(row[k]) > 16773022)
return 0;
- rc = -(row[k] << 7);
+ rc = -(row[k] * 128);
gaindiv = (1<<30) - MULH(rc, rc);
totalinvgain = MULH(totalinvgain, gaindiv) << 2;
@@ -924,7 +924,7 @@ static void silk_lsp2poly(const int32_t lsp[16], int32_t
pol[16], int half_order
pol[1] = -lsp[0];
for (i = 1; i < half_order; i++) {
- pol[i+1] = (pol[i-1] << 1) - ROUND_MULL(lsp[2*i], pol[i], 16);
+ pol[i+1] = pol[i-1] * 2 - ROUND_MULL(lsp[2*i], pol[i], 16);
for (j = i; j > 1; j--)
pol[j] += pol[j-2] - ROUND_MULL(lsp[2*i], pol[j-1], 16);
@@ -947,7 +947,7 @@ static void silk_lsf2lpc(const int16_t nlsf[16], float
lpcf[16], int order)
int k2 = (order == 10) ? silk_lsf_ordering_nbmb[k] :
silk_lsf_ordering_wb[k];
/* interpolate and round */
- lsp[k2] = silk_cosine[index] << 8;
+ lsp[k2] = silk_cosine[index] * 256;
lsp[k2] += (silk_cosine[index+1] - silk_cosine[index])*offset;
lsp[k2] = (lsp[k2] + 4) >> 3;
}
@@ -1044,7 +1044,7 @@ static inline void silk_decode_lpc(SilkContext *s,
SilkFrame *frame,
for (i = order - 1; i >= 0; i--) {
int qstep = s->wb ? 9830 : 11796;
- lsf_res[i] = lsf_i2[i] << 10;
+ lsf_res[i] = lsf_i2[i] * 1024;
if (lsf_i2[i] < 0) lsf_res[i] += 102;
else if (lsf_i2[i] > 0) lsf_res[i] -= 102;
lsf_res[i] = (lsf_res[i] * qstep) >> 16;
@@ -1075,7 +1075,7 @@ static inline void silk_decode_lpc(SilkContext *s,
SilkFrame *frame,
y = ((ipart&1) ? 32768 : 46214) >> ((32-ipart)>>1);
weight = y + ((213*fpart*y) >> 16);
- value = (cur << 7) + (lsf_res[i] << 14) / weight;
+ value = cur * 128 + (lsf_res[i] * 16384) / weight;
nlsf[i] = av_clip(value, 0, 32767);
}
@@ -1199,7 +1199,7 @@ static inline void silk_decode_excitation(SilkContext *s,
OpusRangeCoder *rc,
/* assemble the excitation */
for (i = 0; i < shellblocks << 4; i++) {
int value = excitation[i];
- excitation[i] = (value << 8) | silk_quant_offset[voiced][qoffset_high];
+ excitation[i] = value * 256 | silk_quant_offset[voiced][qoffset_high];
if (value < 0) excitation[i] += 20;
else if (value > 0) excitation[i] -= 20;
--
1.8.5.1
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
