Skip to content

Commit cf4d62c

Browse files
Dutchman101Dutchman101
committed
libspeex: Fix UB/Flow-cast overflow (and similar ones)
Cherry-picked from xiph/speex@db6af61
1 parent e8fe4ea commit cf4d62c

File tree

1 file changed

+96
-16
lines changed

1 file changed

+96
-16
lines changed

vendor/libspeex/libspeex/fixed_debug.h

+96-16
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,13 @@ static inline short NEG16(int x)
5656
}
5757
res = -x;
5858
if (!VERIFY_SHORT(res))
59-
fprintf (stderr, "NEG16: output is not short: %d\n", (int)res);
59+
{
60+
fprintf (stderr, "NEG16: output is not short: %d\n", (int)res);
61+
if (res > 32767)
62+
res = 32767;
63+
if (res < -32768)
64+
res = -32768;
65+
}
6066
spx_mips++;
6167
return res;
6268
}
@@ -110,7 +116,13 @@ static inline short _SHR16(int a, int shift, char *file, int line)
110116
}
111117
res = a>>shift;
112118
if (!VERIFY_SHORT(res))
113-
fprintf (stderr, "SHR16: output is not short: %d in %s: line %d\n", res, file, line);
119+
{
120+
fprintf (stderr, "SHR16: output is not short: %d in %s: line %d\n", res, file, line);
121+
if (res > 32767)
122+
res = 32767;
123+
if (res < -32768)
124+
res = -32768;
125+
}
114126
spx_mips++;
115127
return res;
116128
}
@@ -124,7 +136,13 @@ static inline short _SHL16(int a, int shift, char *file, int line)
124136
}
125137
res = (int)((unsigned)a<<shift);
126138
if (!VERIFY_SHORT(res))
127-
fprintf (stderr, "SHL16: output is not short: %d in %s: line %d\n", res, file, line);
139+
{
140+
fprintf (stderr, "SHL16: output is not short: %d in %s: line %d\n", res, file, line);
141+
if (res > 32767)
142+
res = 32767;
143+
if (res < -32768)
144+
res = -32768;
145+
}
128146
spx_mips++;
129147
return res;
130148
}
@@ -181,7 +199,11 @@ static inline short _ADD16(int a, int b, char *file, int line)
181199
res = a+b;
182200
if (!VERIFY_SHORT(res))
183201
{
184-
fprintf (stderr, "ADD16: output is not short: %d+%d=%d in %s: line %d\n", a,b,res, file, line);
202+
fprintf (stderr, "ADD16: output is not short: %d+%d=%d in %s: line %d\n", a,b,res, file, line);
203+
if (res > 32767)
204+
res = 32767;
205+
if (res < -32768)
206+
res = -32768;
185207
}
186208
spx_mips++;
187209
return res;
@@ -197,7 +219,13 @@ static inline short _SUB16(int a, int b, char *file, int line)
197219
}
198220
res = a-b;
199221
if (!VERIFY_SHORT(res))
200-
fprintf (stderr, "SUB16: output is not short: %d in %s: line %d\n", res, file, line);
222+
{
223+
fprintf (stderr, "SUB16: output is not short: %d in %s: line %d\n", res, file, line);
224+
if (res > 32767)
225+
res = 32767;
226+
if (res < -32768)
227+
res = -32768;
228+
}
201229
spx_mips++;
202230
return res;
203231
}
@@ -227,8 +255,14 @@ static inline int SUB32(long long a, long long b)
227255
fprintf (stderr, "SUB32: inputs are not int: %d %d\n", (int)a, (int)b);
228256
}
229257
res = a-b;
230-
if (!VERIFY_INT(res))
231-
fprintf (stderr, "SUB32: output is not int: %d\n", (int)res);
258+
if (!VERIFY_SHORT(res))
259+
{
260+
fprintf (stderr, "SUB32: output is not int: %d\n", (int)res);
261+
if (res > 32767)
262+
res = 32767;
263+
if (res < -32768)
264+
res = -32768;
265+
}
232266
spx_mips++;
233267
return res;
234268
}
@@ -245,7 +279,13 @@ static inline short MULT16_16_16(int a, int b)
245279
}
246280
res = a*b;
247281
if (!VERIFY_SHORT(res))
248-
fprintf (stderr, "MULT16_16_16: output is not short: %d\n", res);
282+
{
283+
fprintf (stderr, "MULT16_16_16: output is not short: %d\n", res);
284+
if (res > 32767)
285+
res = 32767;
286+
if (res < -32768)
287+
res = -32768;
288+
}
249289
spx_mips++;
250290
return res;
251291
}
@@ -329,8 +369,14 @@ static inline int MULT16_16_Q11_32(int a, int b)
329369
}
330370
res = ((long long)a)*b;
331371
res >>= 11;
332-
if (!VERIFY_INT(res))
333-
fprintf (stderr, "MULT16_16_Q11: output is not short: %d*%d=%d\n", (int)a, (int)b, (int)res);
372+
if (!VERIFY_SHORT(res))
373+
{
374+
fprintf (stderr, "MULT16_16_Q11: output is not short: %d*%d=%d\n", (int)a, (int)b, (int)res);
375+
if (res > 32767)
376+
res = 32767;
377+
if (res < -32768)
378+
res = -32768;
379+
}
334380
spx_mips+=3;
335381
return res;
336382
}
@@ -344,7 +390,13 @@ static inline short MULT16_16_Q13(int a, int b)
344390
res = ((long long)a)*b;
345391
res >>= 13;
346392
if (!VERIFY_SHORT(res))
347-
fprintf (stderr, "MULT16_16_Q13: output is not short: %d*%d=%d\n", a, b, (int)res);
393+
{
394+
fprintf (stderr, "MULT16_16_Q13: output is not short: %d*%d=%d\n", a, b, (int)res);
395+
if (res > 32767)
396+
res = 32767;
397+
if (res < -32768)
398+
res = -32768;
399+
}
348400
spx_mips+=3;
349401
return res;
350402
}
@@ -358,7 +410,13 @@ static inline short MULT16_16_Q14(int a, int b)
358410
res = ((long long)a)*b;
359411
res >>= 14;
360412
if (!VERIFY_SHORT(res))
361-
fprintf (stderr, "MULT16_16_Q14: output is not short: %d\n", (int)res);
413+
{
414+
fprintf (stderr, "MULT16_16_Q14: output is not short: %d\n", (int)res);
415+
if (res > 32767)
416+
res = 32767;
417+
if (res < -32768)
418+
res = -32768;
419+
}
362420
spx_mips+=3;
363421
return res;
364422
}
@@ -373,7 +431,11 @@ static inline short MULT16_16_Q15(int a, int b)
373431
res >>= 15;
374432
if (!VERIFY_SHORT(res))
375433
{
376-
fprintf (stderr, "MULT16_16_Q15: output is not short: %d\n", (int)res);
434+
fprintf(stderr, "MULT16_16_P14: output is not short: %d*%d=%d\n", a, b, (int)res);
435+
if (res > 32767)
436+
res = 32767;
437+
if (res < -32768)
438+
res = -32768;
377439
}
378440
spx_mips+=3;
379441
return res;
@@ -392,7 +454,13 @@ static inline short MULT16_16_P13(int a, int b)
392454
fprintf (stderr, "MULT16_16_P13: overflow: %d*%d=%d\n", a, b, (int)res);
393455
res >>= 13;
394456
if (!VERIFY_SHORT(res))
395-
fprintf (stderr, "MULT16_16_P13: output is not short: %d*%d=%d\n", a, b, (int)res);
457+
{
458+
fprintf (stderr, "MULT16_16_P13: output is not short: %d*%d=%d\n", a, b, (int)res);
459+
if (res > 32767)
460+
res = 32767;
461+
if (res < -32768)
462+
res = -32768;
463+
}
396464
spx_mips+=4;
397465
return res;
398466
}
@@ -409,7 +477,13 @@ static inline short MULT16_16_P14(int a, int b)
409477
fprintf (stderr, "MULT16_16_P14: overflow: %d*%d=%d\n", a, b, (int)res);
410478
res >>= 14;
411479
if (!VERIFY_SHORT(res))
412-
fprintf (stderr, "MULT16_16_P14: output is not short: %d*%d=%d\n", a, b, (int)res);
480+
{
481+
fprintf(stderr, "MULT16_16_P14: output is not short: %d*%d=%d\n", a, b, (int)res);
482+
if (res > 32767)
483+
res = 32767;
484+
if (res < -32768)
485+
res = -32768;
486+
}
413487
spx_mips+=4;
414488
return res;
415489
}
@@ -426,7 +500,13 @@ static inline short MULT16_16_P15(int a, int b)
426500
fprintf (stderr, "MULT16_16_P15: overflow: %d*%d=%d\n", a, b, (int)res);
427501
res >>= 15;
428502
if (!VERIFY_SHORT(res))
429-
fprintf (stderr, "MULT16_16_P15: output is not short: %d*%d=%d\n", a, b, (int)res);
503+
{
504+
fprintf(stderr, "MULT16_16_P14: output is not short: %d*%d=%d\n", a, b, (int)res);
505+
if (res > 32767)
506+
res = 32767;
507+
if (res < -32768)
508+
res = -32768;
509+
}
430510
spx_mips+=4;
431511
return res;
432512
}

0 commit comments

Comments
 (0)