Forráskód Böngészése

sb_celp: memset innovation memory in dtx case of null mode

This was happening for an ultra-wideband fuzzer testcase.

Fixes msan error:
 Issue 69402: speex:speex_decode_fuzzer_float: Use-of-uninitialized-value in compute_rms16

found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex

Fixes https://gitlab.xiph.org/xiph/speex/-/issues/2050
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69402

Signed-off-by: Tristan Matthews <tmatth@videolan.org>
Tristan Matthews 5 hónapja
szülő
commit
1dd8e64765
1 módosított fájl, 3 hozzáadás és 3 törlés
  1. 3 3
      libspeex/sb_celp.c

+ 3 - 3
libspeex/sb_celp.c

@@ -1277,6 +1277,9 @@ int sb_decode(void *state, SpeexBits *bits, void *vout)
    /* If null mode (no transmission), just set a couple things to zero*/
    if (st->submodes[st->submodeID] == NULL)
    {
+      if (st->innov_save)
+        SPEEX_MEMSET(st->innov_save, 0, st->full_frame_size);
+
       if (dtx)
       {
          sb_decode_lost(st, out, 1, stack);
@@ -1293,9 +1296,6 @@ int sb_decode(void *state, SpeexBits *bits, void *vout)
 
       qmf_synth(out, out+st->frame_size, h0, out, st->full_frame_size, QMF_ORDER, st->g0_mem, st->g1_mem, stack);
 
-      if (st->innov_save)
-         SPEEX_MEMSET(st->innov_save, 0, st->full_frame_size);
-
       return 0;
 
    }