packages/speex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix signed integer overflow detected by oss-fuzz

Browse Source
This commit is contained in:
jinzhimin369 2020-09-14 17:28:06 +08:00
parent de273a225b
commit b73039fdfb
2 changed files with 132 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch Normal file
View File

@ -0,0 +1,123 @@
From c1f82d214872cae4a60c2594cc8c53d11246e3a9 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Sat, 2 Mar 2019 00:50:35 -0500
Subject: [PATCH] math_approx: use unsigned int for LCG pseudorandom generator
This avoids an integer overflow.
---
libspeex/cb_search.c | 4 ++--
libspeex/cb_search.h | 4 ++--
libspeex/math_approx.h | 4 ++--
libspeex/modes.h | 2 +-
libspeex/nb_celp.h | 2 +-
libspeex/sb_celp.h | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/libspeex/cb_search.c b/libspeex/cb_search.c
index 63f4c6a..9629772 100644
--- a/libspeex/cb_search.c
+++ b/libspeex/cb_search.c
@@ -517,7 +517,7 @@ const void *par, /* non-overlapping codebook */
int nsf, /* number of samples in subframe */
SpeexBits *bits,
char *stack,
-spx_int32_t *seed
+spx_uint32_t *seed
)
{
int i,j;
@@ -602,7 +602,7 @@ const void *par, /* non-overlapping codebook */
int nsf, /* number of samples in subframe */
SpeexBits *bits,
char *stack,
-spx_int32_t *seed
+spx_uint32_t *seed
)
{
int i;
diff --git a/libspeex/cb_search.h b/libspeex/cb_search.h
index 7687b45..eb45b56 100644
--- a/libspeex/cb_search.h
+++ b/libspeex/cb_search.h
@@ -70,7 +70,7 @@ const void *par, /* non-overlapping codebook */
int nsf, /* number of samples in subframe */
SpeexBits *bits,
char *stack,
-spx_int32_t *seed
+spx_uint32_t *seed
);
@@ -97,7 +97,7 @@ const void *par, /* non-overlapping codebook */
int nsf, /* number of samples in subframe */
SpeexBits *bits,
char *stack,
-spx_int32_t *seed
+spx_uint32_t *seed
);
#endif
diff --git a/libspeex/math_approx.h b/libspeex/math_approx.h
index 9ca8307..6573113 100644
--- a/libspeex/math_approx.h
+++ b/libspeex/math_approx.h
@@ -46,7 +46,7 @@
#define spx_atan atan
/** Generate a pseudo-random number */
-static inline spx_word16_t speex_rand(spx_word16_t std, spx_int32_t *seed)
+static inline spx_word16_t speex_rand(spx_word16_t std, spx_uint32_t *seed)
{
const unsigned int jflone = 0x3f800000;
const unsigned int jflmsk = 0x007fffff;
@@ -119,7 +119,7 @@ static inline spx_int16_t spx_ilog4(spx_uint32_t x)
#ifdef FIXED_POINT
/** Generate a pseudo-random number */
-static inline spx_word16_t speex_rand(spx_word16_t std, spx_int32_t *seed)
+static inline spx_word16_t speex_rand(spx_word16_t std, spx_uint32_t *seed)
{
spx_word32_t res;
*seed = 1664525 * *seed + 1013904223;
diff --git a/libspeex/modes.h b/libspeex/modes.h
index 26e2d86..0ae19cc 100644
--- a/libspeex/modes.h
+++ b/libspeex/modes.h
@@ -86,7 +86,7 @@ typedef void (*innovation_quant_func)(spx_word16_t *, spx_coef_t *, spx_coef_t *
spx_sig_t *, spx_word16_t *, SpeexBits *, char *, int, int);
/** Innovation unquantization function */
-typedef void (*innovation_unquant_func)(spx_sig_t *, const void *, int, SpeexBits*, char *, spx_int32_t *);
+typedef void (*innovation_unquant_func)(spx_sig_t *, const void *, int, SpeexBits*, char *, spx_uint32_t *);
/** Description of a Speex sub-mode (wither narrowband or wideband */
typedef struct SpeexSubmode {
diff --git a/libspeex/nb_celp.h b/libspeex/nb_celp.h
index 14c776f..41ccd15 100644
--- a/libspeex/nb_celp.h
+++ b/libspeex/nb_celp.h
@@ -153,7 +153,7 @@ typedef struct DecState {
spx_word16_t last_pitch_gain; /**< Pitch gain of last correctly decoded frame */
spx_word16_t pitch_gain_buf[3]; /**< Pitch gain of last decoded frames */
int pitch_gain_buf_idx; /**< Tail of the buffer */
- spx_int32_t seed; /** Seed used for random number generation */
+ spx_uint32_t seed; /** Seed used for random number generation */
int encode_submode;
const SpeexSubmode * const *submodes; /**< Sub-mode data */
diff --git a/libspeex/sb_celp.h b/libspeex/sb_celp.h
index e8c3761..24a2801 100644
--- a/libspeex/sb_celp.h
+++ b/libspeex/sb_celp.h
@@ -121,7 +121,7 @@ typedef struct SBDecState {
spx_word16_t *innov_save; /** If non-NULL, innovation is copied here */
spx_word16_t last_ener;
- spx_int32_t seed;
+ spx_uint32_t seed;
int encode_submode;
const SpeexSubmode * const *submodes;
--
2.23.0

10
speex.spec
View File

@ -1,11 +1,13 @@
Name: speex Name: speex
Version: 1.2.0 Version: 1.2.0
Release: 4 Release: 5
Summary: A Free Codec For Free Speech Summary: A Free Codec For Free Speech
License: BSD License: BSD
URL: https://www.speex.org/ URL: https://www.speex.org/
Source0: http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz Source0: http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz
Patch6000: backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp) BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp)
Obsoletes: %{name}-tools Obsoletes: %{name}-tools
@ -67,6 +69,12 @@ This package is the development and files for speex.
%{_mandir}/man1/speexdec.1.gz %{_mandir}/man1/speexdec.1.gz
%changelog %changelog
* Mon Sep 14 2020 shangyibin<shangyibin1@huawei.com> - 1.2.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix signed integer overflow detected by oss-fuzz
* Fri Sep 27 2019 shenyangyang<shenyangyang4@huawei.com> - 1.2.0-4 * Fri Sep 27 2019 shenyangyang<shenyangyang4@huawei.com> - 1.2.0-4
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA