From a6595e6201064f34d1795be4e8d1412e426b233b Mon Sep 17 00:00:00 2001
From: Mark Harris <mark.hsj@gmail.com>
Date: Wed, 7 Oct 2015 09:21:23 -0400
Subject: [PATCH] Extra safety against NaNs in surround_analysis()

Fix out-of-bounds memory read in multichannel surround analysis
with float input that contains NaNs.  Found by afl-fuzz.

Signed-off-by: Jean-Marc Valin <jmvalin@jmvalin.ca>
---
 src/opus_multistream_encoder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/opus_multistream_encoder.c b/src/opus_multistream_encoder.c
index b55ab7ac2..aa6a2672e 100644
--- a/src/opus_multistream_encoder.c
+++ b/src/opus_multistream_encoder.c
@@ -202,7 +202,7 @@ static opus_val16 logSum(opus_val16 a, opus_val16 b)
       max = b;
       diff = SUB32(EXTEND32(b),EXTEND32(a));
    }
-   if (diff >= QCONST16(8.f, DB_SHIFT))
+   if (!(diff < QCONST16(8.f, DB_SHIFT)))  /* inverted to catch NaNs */
       return max;
 #ifdef FIXED_POINT
    low = SHR32(diff, DB_SHIFT-1);
-- 
GitLab