From 62b341545779b8f1cc57e747b0d2dd7790201286 Mon Sep 17 00:00:00 2001
From: vaclav <vaclav.eksler@usherbrooke.ca>
Date: Mon, 9 Oct 2023 16:12:57 +0200
Subject: [PATCH 1/3] issue 520: Remove memmove() from JBM code; under
 FIX_520_REMOVE_MEMMOVE_JBM

---
 lib_com/options.h                |  2 +-
 lib_dec/jbm_jb4_circularbuffer.c | 21 ++++++++++++++++++---
 lib_dec/jbm_jb4_inputbuffer.c    | 18 +++++++++++++++++-
 3 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/lib_com/options.h b/lib_com/options.h
index 89f4a28754..e24efc9578 100644
--- a/lib_com/options.h
+++ b/lib_com/options.h
@@ -165,7 +165,7 @@
 #define FIX_818_DOUBLE_PREC_KERNEL_SW                   /* FhG: Issue 818: Avoid double precision in kernel switching */
 #define FIX_822_REFACTOR_BIN_REVERB_OPEN                /* Nokia: Addresses first step of issue 822 by refactoring ivas_binaural_reverb_open */
 #define FIX_847_OUTPUT_PCM_BUFFER                       /* VA: issue 847: Allocate decoder output PCM buffer dynamically */
-
+#define FIX_520_REMOVE_MEMMOVE_JBM                      /* VA: issue 520: Remove memmove() from JBM code */
 
 /* #################### End BE switches ################################## */
 
diff --git a/lib_dec/jbm_jb4_circularbuffer.c b/lib_dec/jbm_jb4_circularbuffer.c
index e68b3e170e..ef3bc45af2 100644
--- a/lib_dec/jbm_jb4_circularbuffer.c
+++ b/lib_dec/jbm_jb4_circularbuffer.c
@@ -53,7 +53,7 @@
  * @param[in,out] size size of elements buffer
  * @param[in]     capacity maximum number of elements to buffer
  * @param[in]     newElement element to insert in buffer if great enough */
-static void JB4_CIRCULARBUFFER_calcPercentile( JB4_CIRCULARBUFFER_ELEMENT *elements, uint16_t *size, uint16_t capacity, JB4_CIRCULARBUFFER_ELEMENT newElement );
+static void JB4_CIRCULARBUFFER_calcPercentile( JB4_CIRCULARBUFFER_ELEMENT *elements, uint16_t *size, const uint16_t capacity, JB4_CIRCULARBUFFER_ELEMENT newElement );
 
 /** circular buffer (FIFO) with fixed capacity */
 struct JB4_CIRCULARBUFFER
@@ -70,7 +70,8 @@ struct JB4_CIRCULARBUFFER
 
 
 /* Creates a circular buffer (FIFO) */
-ivas_error JB4_CIRCULARBUFFER_Create( JB4_CIRCULARBUFFER_HANDLE *ph )
+ivas_error JB4_CIRCULARBUFFER_Create(
+    JB4_CIRCULARBUFFER_HANDLE *ph )
 {
     JB4_CIRCULARBUFFER_HANDLE h;
 
@@ -433,7 +434,7 @@ void JB4_CIRCULARBUFFER_MinAndPercentile(
 static void JB4_CIRCULARBUFFER_calcPercentile(
     JB4_CIRCULARBUFFER_ELEMENT *elements,
     uint16_t *size,
-    uint16_t capacity,
+    const uint16_t capacity,
     JB4_CIRCULARBUFFER_ELEMENT newElement )
 {
     uint16_t i;
@@ -446,7 +447,14 @@ static void JB4_CIRCULARBUFFER_calcPercentile(
             if ( newElement <= elements[i] )
             {
                 /* insert newElement at index i */
+#ifdef FIX_520_REMOVE_MEMMOVE_JBM
+                for ( int16_t j = ( *size - i ); j >= 0; j-- )
+                {
+                    elements[i + 1 + j] = elements[i + j];
+                }
+#else
                 memmove( elements + i + 1, elements + i, ( *size - i ) * sizeof( JB4_CIRCULARBUFFER_ELEMENT ) ); /* IVAS_fmToDo: avoid use of memmove() */
+#endif
                 elements[i] = newElement;
                 ++*size;
                 return;
@@ -470,7 +478,14 @@ static void JB4_CIRCULARBUFFER_calcPercentile(
         if ( newElement >= elements[i] )
         {
             /* insert newElement at index i */
+#ifdef FIX_520_REMOVE_MEMMOVE_JBM
+            for ( int16_t j = 0; j < i; j++ )
+            {
+                elements[j] = elements[1 + j];
+            }
+#else
             memmove( elements, elements + 1, i * sizeof( JB4_CIRCULARBUFFER_ELEMENT ) );
+#endif
             elements[i] = newElement;
             return;
         }
diff --git a/lib_dec/jbm_jb4_inputbuffer.c b/lib_dec/jbm_jb4_inputbuffer.c
index 925e35dfff..4badb31a06 100644
--- a/lib_dec/jbm_jb4_inputbuffer.c
+++ b/lib_dec/jbm_jb4_inputbuffer.c
@@ -210,12 +210,14 @@ int16_t JB4_INPUTBUFFER_Enque(
         }
     }
 
+#ifdef DEBUGGING
     assert( h->compareFunction( element, JB4_INPUTBUFFER_Element( h, low ), &replace ) != 0 );
     if ( low > 0 )
         assert( h->compareFunction( element, JB4_INPUTBUFFER_Element( h, low - 1 ), &replace ) > 0 );
     assert( h->compareFunction( element, JB4_INPUTBUFFER_Element( h, low ), &replace ) < 0 );
     if ( (uint16_t) ( low + 1 ) < size )
         assert( h->compareFunction( element, JB4_INPUTBUFFER_Element( h, low + 1 ), &replace ) < 0 );
+#endif
 
     insertPos = ( h->readPos + low ) % h->capacity;
     if ( h->readPos < h->writePos )
@@ -234,7 +236,14 @@ int16_t JB4_INPUTBUFFER_Enque(
     if ( canMoveRight )
     {
         /* move higher elements to the right and insert at insertPos */
+#ifdef FIX_520_REMOVE_MEMMOVE_JBM
+        for ( int16_t j = h->writePos - insertPos; j >= 0; j-- )
+        {
+            h->data[insertPos + 1 + j] = h->data[insertPos + j];
+        }
+#else
         memmove( h->data + insertPos + 1, h->data + insertPos, ( h->writePos - insertPos ) * sizeof( JB4_INPUTBUFFER_ELEMENT ) ); /* IVAS_fmToDo: avoid use of memmove() */
+#endif
         h->data[insertPos] = element;
         ++h->writePos;
         if ( h->writePos == h->capacity )
@@ -245,7 +254,14 @@ int16_t JB4_INPUTBUFFER_Enque(
     else
     {
         /* move lower elements to the left and insert before insertPos */
-        memmove( h->data + h->readPos - 1, h->data + h->readPos, low * sizeof( JB4_INPUTBUFFER_ELEMENT ) ); /* IVAS_fmToDo: avoid use of memmove() */
+#ifdef FIX_520_REMOVE_MEMMOVE_JBM
+        for ( int16_t j = 0; j < low; j++ )
+        {
+            h->data[h->readPos - 1 + j] = h->data[h->readPos + j];
+        }
+#else
+        memmove( h->data + h->readPos - 1, h->data + h->readPos, low * sizeof( JB4_INPUTBUFFER_ELEMENT ) );                       /* IVAS_fmToDo: avoid use of memmove() */
+#endif
         h->data[insertPos - 1] = element;
         --h->readPos;
         assert( (int16_t) h->readPos >= 0 );
-- 
GitLab


From f51fdfe4880bd828e81215aa131075cf06fa40dc Mon Sep 17 00:00:00 2001
From: Kacper Sagnowski <kacper.sagnowski@iis.fraunhofer.de>
Date: Wed, 11 Oct 2023 13:48:14 +0200
Subject: [PATCH 2/3] Fix out-of-bounds accesses

---
 lib_dec/jbm_jb4_circularbuffer.c | 9 ++++++---
 lib_dec/jbm_jb4_inputbuffer.c    | 7 +++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib_dec/jbm_jb4_circularbuffer.c b/lib_dec/jbm_jb4_circularbuffer.c
index ef3bc45af2..a1a7ad76f6 100644
--- a/lib_dec/jbm_jb4_circularbuffer.c
+++ b/lib_dec/jbm_jb4_circularbuffer.c
@@ -438,6 +438,9 @@ static void JB4_CIRCULARBUFFER_calcPercentile(
     JB4_CIRCULARBUFFER_ELEMENT newElement )
 {
     uint16_t i;
+#ifdef FIX_520_REMOVE_MEMMOVE_JBM
+    uint16_t j;
+#endif
 
     /* insert newElement if elements buffer is not yet full */
     if ( *size < capacity )
@@ -448,9 +451,9 @@ static void JB4_CIRCULARBUFFER_calcPercentile(
             {
                 /* insert newElement at index i */
 #ifdef FIX_520_REMOVE_MEMMOVE_JBM
-                for ( int16_t j = ( *size - i ); j >= 0; j-- )
+                for ( j = *size; j > i; --j )
                 {
-                    elements[i + 1 + j] = elements[i + j];
+                    elements[j] = elements[j - 1];
                 }
 #else
                 memmove( elements + i + 1, elements + i, ( *size - i ) * sizeof( JB4_CIRCULARBUFFER_ELEMENT ) ); /* IVAS_fmToDo: avoid use of memmove() */
@@ -479,7 +482,7 @@ static void JB4_CIRCULARBUFFER_calcPercentile(
         {
             /* insert newElement at index i */
 #ifdef FIX_520_REMOVE_MEMMOVE_JBM
-            for ( int16_t j = 0; j < i; j++ )
+            for ( j = 0; j < i; j++ )
             {
                 elements[j] = elements[1 + j];
             }
diff --git a/lib_dec/jbm_jb4_inputbuffer.c b/lib_dec/jbm_jb4_inputbuffer.c
index 4badb31a06..467047f984 100644
--- a/lib_dec/jbm_jb4_inputbuffer.c
+++ b/lib_dec/jbm_jb4_inputbuffer.c
@@ -151,6 +151,9 @@ int16_t JB4_INPUTBUFFER_Enque(
     uint16_t canMoveRight;
     uint16_t canMoveLeft;
     bool replace;
+#ifdef FIX_520_REMOVE_MEMMOVE_JBM
+    uint16_t j;
+#endif
     *replacedElement = NULL;
 
     size = JB4_INPUTBUFFER_Size( h );
@@ -237,9 +240,9 @@ int16_t JB4_INPUTBUFFER_Enque(
     {
         /* move higher elements to the right and insert at insertPos */
 #ifdef FIX_520_REMOVE_MEMMOVE_JBM
-        for ( int16_t j = h->writePos - insertPos; j >= 0; j-- )
+        for ( j = h->writePos; j > insertPos; --j )
         {
-            h->data[insertPos + 1 + j] = h->data[insertPos + j];
+            h->data[j] = h->data[j - 1];
         }
 #else
         memmove( h->data + insertPos + 1, h->data + insertPos, ( h->writePos - insertPos ) * sizeof( JB4_INPUTBUFFER_ELEMENT ) ); /* IVAS_fmToDo: avoid use of memmove() */
-- 
GitLab


From 20f53787fedbdda6a15d7a6ab80abd085ffbd2a8 Mon Sep 17 00:00:00 2001
From: Kacper Sagnowski <kacper.sagnowski@iis.fraunhofer.de>
Date: Wed, 11 Oct 2023 14:33:04 +0200
Subject: [PATCH 3/3] Fix warning on Windows

---
 lib_dec/jbm_jb4_inputbuffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib_dec/jbm_jb4_inputbuffer.c b/lib_dec/jbm_jb4_inputbuffer.c
index 467047f984..99f6c3ae2d 100644
--- a/lib_dec/jbm_jb4_inputbuffer.c
+++ b/lib_dec/jbm_jb4_inputbuffer.c
@@ -258,7 +258,7 @@ int16_t JB4_INPUTBUFFER_Enque(
     {
         /* move lower elements to the left and insert before insertPos */
 #ifdef FIX_520_REMOVE_MEMMOVE_JBM
-        for ( int16_t j = 0; j < low; j++ )
+        for ( j = 0; j < low; j++ )
         {
             h->data[h->readPos - 1 + j] = h->data[h->readPos + j];
         }
-- 
GitLab