From dc58579c2c7e060084554018e9a2e8c25097a255 Mon Sep 17 00:00:00 2001 From: "Timothy B. Terriberry" Date: Wed, 8 May 2013 10:25:52 -0700 Subject: [PATCH] Fix several memory errors in the SILK resampler. 1) The memcpy's were using sizeof(opus_int32), but the type of the local buffer was opus_int16. 2) Because the size was wrong, this potentially allowed the source and destination regions of the memcpy overlap. I _believe_ that nSamplesIn is at least fs_in_khZ, which is at least 8. Since RESAMPLER_ORDER_FIR_12 is only 8, I don't think that's a problem once you fix the type size. 3) The size of the buffer used RESAMPLER_MAX_BATCH_SIZE_IN, but the data stored in it was actually _twice_ the input batch size (nSamplesIn<<1). Because this never blew up in testing, I suspect that in practice the batch sizes are reasonable enough that none of these things was ever a problem, but proving that seems non-obvious. This patch just converts the whole thing to use CELT's vararrays. This fixes the buffer size problems (since we allocate a buffer with the actual size we use) and gets these large buffers off the stack on devices using the pseudo-stack. It also fixes the memcpy problems by changing the sizeof to opus_int16. It turns out sFIR, which saved state between calls, was being used elsewhere as opus_int32, so this converts it to a union to make this sharing explicit. --- silk/resampler_private_IIR_FIR.c | 14 +++++++++----- silk/resampler_private_down_FIR.c | 4 ++-- silk/resampler_structs.h | 5 ++++- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/silk/resampler_private_IIR_FIR.c b/silk/resampler_private_IIR_FIR.c index d9e42ca..2b9602d 100644 --- a/silk/resampler_private_IIR_FIR.c +++ b/silk/resampler_private_IIR_FIR.c @@ -31,6 +31,7 @@ POSSIBILITY OF SUCH DAMAGE. #include "SigProc_FIX.h" #include "resampler_private.h" +#include "stack_alloc.h" static inline opus_int16 *silk_resampler_private_IIR_FIR_INTERPOL( opus_int16 *out, @@ -71,10 +72,13 @@ void silk_resampler_private_IIR_FIR( silk_resampler_state_struct *S = (silk_resampler_state_struct *)SS; opus_int32 nSamplesIn; opus_int32 max_index_Q16, index_increment_Q16; - opus_int16 buf[ RESAMPLER_MAX_BATCH_SIZE_IN + RESAMPLER_ORDER_FIR_12 ]; + VARDECL( opus_int16, buf ); + SAVE_STACK; + + ALLOC( buf, 2 * S->batchSize + RESAMPLER_ORDER_FIR_12, opus_int16 ); /* Copy buffered samples to start of buffer */ - silk_memcpy( buf, S->sFIR, RESAMPLER_ORDER_FIR_12 * sizeof( opus_int32 ) ); + silk_memcpy( buf, S->sFIR.i16, RESAMPLER_ORDER_FIR_12 * sizeof( opus_int16 ) ); /* Iterate over blocks of frameSizeIn input samples */ index_increment_Q16 = S->invRatio_Q16; @@ -91,13 +95,13 @@ void silk_resampler_private_IIR_FIR( if( inLen > 0 ) { /* More iterations to do; copy last part of filtered signal to beginning of buffer */ - silk_memcpy( buf, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int32 ) ); + silk_memcpy( buf, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int16 ) ); } else { break; } } /* Copy last part of filtered signal to the state for the next call */ - silk_memcpy( S->sFIR, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int32 ) ); + silk_memcpy( S->sFIR.i16, &buf[ nSamplesIn << 1 ], RESAMPLER_ORDER_FIR_12 * sizeof( opus_int16 ) ); + RESTORE_STACK; } - diff --git a/silk/resampler_private_down_FIR.c b/silk/resampler_private_down_FIR.c index 5d24564..8bedb0d 100644 --- a/silk/resampler_private_down_FIR.c +++ b/silk/resampler_private_down_FIR.c @@ -155,7 +155,7 @@ void silk_resampler_private_down_FIR( const opus_int16 *FIR_Coefs; /* Copy buffered samples to start of buffer */ - silk_memcpy( buf, S->sFIR, S->FIR_Order * sizeof( opus_int32 ) ); + silk_memcpy( buf, S->sFIR.i32, S->FIR_Order * sizeof( opus_int32 ) ); FIR_Coefs = &S->Coefs[ 2 ]; @@ -185,5 +185,5 @@ void silk_resampler_private_down_FIR( } /* Copy last part of filtered signal to the state for the next call */ - silk_memcpy( S->sFIR, &buf[ nSamplesIn ], S->FIR_Order * sizeof( opus_int32 ) ); + silk_memcpy( S->sFIR.i32, &buf[ nSamplesIn ], S->FIR_Order * sizeof( opus_int32 ) ); } diff --git a/silk/resampler_structs.h b/silk/resampler_structs.h index 4c28bd0..d1a0b95 100644 --- a/silk/resampler_structs.h +++ b/silk/resampler_structs.h @@ -37,7 +37,10 @@ extern "C" { typedef struct _silk_resampler_state_struct{ opus_int32 sIIR[ SILK_RESAMPLER_MAX_IIR_ORDER ]; /* this must be the first element of this struct */ - opus_int32 sFIR[ SILK_RESAMPLER_MAX_FIR_ORDER ]; + union{ + opus_int32 i32[ SILK_RESAMPLER_MAX_FIR_ORDER ]; + opus_int16 i16[ SILK_RESAMPLER_MAX_FIR_ORDER ]; + } sFIR; opus_int16 delayBuf[ 48 ]; opus_int resampler_function; opus_int batchSize; -- 1.8.4.2