rpms / opus

Clone
Source Code
GIT

Files

  1.   a612cab937e5e909c960fabed12d15f1528d4025
  2.   SOURCES
  3.   0001-Fix-several-memory-errors-in-the-SILK-resampler.patch
Blob Blame History Raw 
From dc58579c2c7e060084554018e9a2e8c25097a255 Mon Sep 17 00:00:00 2001
From: "Timothy B. Terriberry" <tterribe@xiph.org>
Date: Wed, 8 May 2013 10:25:52 -0700
Subject: [PATCH] Fix several memory errors in the SILK resampler.

1) The memcpy's were using sizeof(opus_int32), but the type of the
    local buffer was opus_int16.
2) Because the size was wrong, this potentially allowed the source
    and destination regions of the memcpy overlap.
   I _believe_ that nSamplesIn is at least fs_in_khZ, which is at
    least 8.
   Since RESAMPLER_ORDER_FIR_12 is only 8, I don't think that's a
    problem once you fix the type size.
3) The size of the buffer used RESAMPLER_MAX_BATCH_SIZE_IN, but the
    data stored in it was actually _twice_ the input batch size
    (nSamplesIn<<1).

Because this never blew up in testing, I suspect that in practice
 the batch sizes are reasonable enough that none of these things
 was ever a problem, but proving that seems non-obvious.

This patch just converts the whole thing to use CELT's vararrays.
This fixes the buffer size problems (since we allocate a buffer
 with the actual size we use) and gets these large buffers off the
 stack on devices using the pseudo-stack.
It also fixes the memcpy problems by changing the sizeof to
 opus_int16.
It turns out sFIR, which saved state between calls, was being used
 elsewhere as opus_int32, so this converts it to a union to make
 this sharing explicit.
---
 silk/resampler_private_IIR_FIR.c  | 14 +++++++++-----
 silk/resampler_private_down_FIR.c |  4 ++--
 silk/resampler_structs.h          |  5 ++++-
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/silk/resampler_private_IIR_FIR.c b/silk/resampler_private_IIR_FIR.c
index d9e42ca..2b9602d 100644
--- a/silk/resampler_private_IIR_FIR.c
+++ b/silk/resampler_private_IIR_FIR.c
@@ -31,6 +31,7 @@ POSSIBILITY OF SUCH DAMAGE.
 
 #include "SigProc_FIX.h"
 #include "resampler_private.h"
+#include "stack_alloc.h"
 
 static inline opus_int16 *silk_resampler_private_IIR_FIR_INTERPOL(
     opus_int16  *out,
@@ -71,10 +72,13 @@ void silk_resampler_private_IIR_FIR(
     silk_resampler_state_struct *S = (silk_resampler_state_struct *)SS;
     opus_int32 nSamplesIn;
     opus_int32 max_index_Q16, index_increment_Q16;
-    opus_int16 buf[ RESAMPLER_MAX_BATCH_SIZE_IN + RESAMPLER_ORDER_FIR_12 ];
+    VARDECL( opus_int16, buf );
+    SAVE_STACK;
+
+    ALLOC( buf, 2 * S->batchSize + RESAMPLER_ORDER_FIR_12, opus_int16 );
 
     /* Copy buffered samples to start of buffer */
-    silk_memcpy( buf, S->sFIR, RESAMPLER_ORDER_FIR_12 * sizeof( opus_int32 ) );
+    silk_memcpy( buf, S->sFIR.i16, RESAMPLER_ORDER_FIR_12 * sizeof( opus_int16 ) );
 
     /* Iterate over blocks of frameSizeIn input samples */
     index_increment_Q16 = S->invRatio_Q16;
@@ -91,13 +95,13 @@ void silk_resampler_private_IIR_FIR(
 
         if( inLen > 0 ) {
             /* More iterations to do; copy last part of filtered signal to beginning of buffer */
-            silk_memcpy( buf, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int32 ) );
+            silk_memcpy( buf, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int16 ) );
         } else {
             break;
         }
     }
 
     /* Copy last part of filtered signal to the state for the next call */
-    silk_memcpy( S->sFIR, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int32 ) );
+    silk_memcpy( S->sFIR.i16, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int16 ) );
+    RESTORE_STACK;
 }
-
diff --git a/silk/resampler_private_down_FIR.c b/silk/resampler_private_down_FIR.c
index 5d24564..8bedb0d 100644
--- a/silk/resampler_private_down_FIR.c
+++ b/silk/resampler_private_down_FIR.c
@@ -155,7 +155,7 @@ void silk_resampler_private_down_FIR(
     const opus_int16 *FIR_Coefs;
 
     /* Copy buffered samples to start of buffer */
-    silk_memcpy( buf, S->sFIR, S->FIR_Order * sizeof( opus_int32 ) );
+    silk_memcpy( buf, S->sFIR.i32, S->FIR_Order * sizeof( opus_int32 ) );
 
     FIR_Coefs = &S->Coefs[ 2 ];
 
@@ -185,5 +185,5 @@ void silk_resampler_private_down_FIR(
     }
 
     /* Copy last part of filtered signal to the state for the next call */
-    silk_memcpy( S->sFIR, &buf[ nSamplesIn ], S->FIR_Order * sizeof( opus_int32 ) );
+    silk_memcpy( S->sFIR.i32, &buf[ nSamplesIn ], S->FIR_Order * sizeof( opus_int32 ) );
 }
diff --git a/silk/resampler_structs.h b/silk/resampler_structs.h
index 4c28bd0..d1a0b95 100644
--- a/silk/resampler_structs.h
+++ b/silk/resampler_structs.h
@@ -37,7 +37,10 @@ extern "C" {
 
 typedef struct _silk_resampler_state_struct{
     opus_int32       sIIR[ SILK_RESAMPLER_MAX_IIR_ORDER ]; /* this must be the first element of this struct */
-    opus_int32       sFIR[ SILK_RESAMPLER_MAX_FIR_ORDER ];
+    union{
+        opus_int32   i32[ SILK_RESAMPLER_MAX_FIR_ORDER ];
+        opus_int16   i16[ SILK_RESAMPLER_MAX_FIR_ORDER ];
+    }                sFIR;
     opus_int16       delayBuf[ 48 ];
     opus_int         resampler_function;
     opus_int         batchSize;
-- 
1.8.4.2

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation