From 3f92402cdfbe7364688dd419178d6361267d686d Mon Sep 17 00:00:00 2001
From: Tommy Vaillancourt <Tommy.vaillancourt@Usherbrooke.ca>
Date: Fri, 5 Dec 2025 14:31:29 -0500
Subject: [PATCH 1/4] Fix proposal for 2264, out-of-bound access in log2

---
 lib_com/log2.c            | 7 +++++--
 lib_com/options.h         | 2 +-
 lib_enc/swb_pre_proc_fx.c | 3 +++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib_com/log2.c b/lib_com/log2.c
index 70e6b93c0..8fa3a7120 100644
--- a/lib_com/log2.c
+++ b/lib_com/log2.c
@@ -57,10 +57,13 @@ Word16 Log2_norm_lc(            /* (o) : Fractional part of Log2. (range: 0<=val
 {
     Word16 i, a;
     Word16 y;
-
+#ifndef FIX_2264_OUT_OF_BOUND_READING_IN_LOG2_NORM_LC
     if ( L_x <= 0 )
         L_x = L_deposit_h( 0x4000 );
-
+#else
+    assert( L_x >= 0x40000000 ); /* If assert fail, means input is not normalized as it should be */
+    L_x = L_max( L_x, 0x40000000 );
+#endif
     L_x = L_shr( L_x, 9 );
     a = extract_l( L_x ); /* Extract b10-b24 of fraction */
     a = lshr( a, 1 );
diff --git a/lib_com/options.h b/lib_com/options.h
index e9b94dbad..2b9461b2c 100644
--- a/lib_com/options.h
+++ b/lib_com/options.h
@@ -97,7 +97,7 @@
 #define FIX_2015_PREMPH_SAT_ALT_PART2                   /* VA: Add missing scaling factor to be passed to AVQ_cod() */
 #define FIX_2253_CORRECT_GSC_MINIMUM_PIT_SEARCH         /* VA: Fix Issue 2253 where the encoder and decoder could get out of sync */
 #define NONBE_FIX_1967_SBA_DECODER_MONO_OUT_BIG_DIFFERENCES /* Dolby: Fix basop issue 1967 */
-
+#define FIX_2264_OUT_OF_BOUND_READING_IN_LOG2_NORM_LC   /* VA: Fix issue 2264 by adding a proper safeguard in log2 and by adding a missing normalization in swb_pre_proc_ivas_fx()*/
 /* ##################### End NON-BE switches ########################### */
 
 /* ################## End MAINTENANCE switches ######################### */
diff --git a/lib_enc/swb_pre_proc_fx.c b/lib_enc/swb_pre_proc_fx.c
index a966f70cc..a2ade8d3b 100644
--- a/lib_enc/swb_pre_proc_fx.c
+++ b/lib_enc/swb_pre_proc_fx.c
@@ -1125,6 +1125,9 @@ void swb_pre_proc_ivas_fx(
                 CldfbHB_fx = EPSILON_FX;
                 move32();
             }
+#ifdef FIX_2264_OUT_OF_BOUND_READING_IN_LOG2_NORM_LC 
+            exp = norm_l( CldfbHB_fx );
+#endif
             CldfbHB_fx = L_shl( CldfbHB_fx, exp );   /* CldfbHB_ener = CldfbHB_fl*2^(exp) */
             Cldfbtemp1 = Log2_norm_lc( CldfbHB_fx ); /* Log2_norm_lc(t) = 2^15*(log2(t/2^30)) */
             Cldfbtemp1 = sub( shr( Cldfbtemp1, 6 ), shl( add( sub( Q31 - Q30, CldfbHB_fx_e ), exp ), 9 ) );
-- 
GitLab


From 84d67a562f66c8375ee609760e62e8a917450692 Mon Sep 17 00:00:00 2001
From: Tommy Vaillancourt <Tommy.vaillancourt@Usherbrooke.ca>
Date: Fri, 5 Dec 2025 14:41:35 -0500
Subject: [PATCH 2/4] fix clang

---
 lib_enc/swb_pre_proc_fx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib_enc/swb_pre_proc_fx.c b/lib_enc/swb_pre_proc_fx.c
index a2ade8d3b..ffdb1d454 100644
--- a/lib_enc/swb_pre_proc_fx.c
+++ b/lib_enc/swb_pre_proc_fx.c
@@ -1125,7 +1125,7 @@ void swb_pre_proc_ivas_fx(
                 CldfbHB_fx = EPSILON_FX;
                 move32();
             }
-#ifdef FIX_2264_OUT_OF_BOUND_READING_IN_LOG2_NORM_LC 
+#ifdef FIX_2264_OUT_OF_BOUND_READING_IN_LOG2_NORM_LC
             exp = norm_l( CldfbHB_fx );
 #endif
             CldfbHB_fx = L_shl( CldfbHB_fx, exp );   /* CldfbHB_ener = CldfbHB_fl*2^(exp) */
-- 
GitLab


From d951d39c03f3a5090214e2c34a91f18539053c65 Mon Sep 17 00:00:00 2001
From: Tommy Vaillancourt <Tommy.vaillancourt@Usherbrooke.ca>
Date: Fri, 5 Dec 2025 15:06:05 -0500
Subject: [PATCH 3/4] Prevent the assert to catch cases that are == 0

---
 lib_com/log2.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib_com/log2.c b/lib_com/log2.c
index 8fa3a7120..850090270 100644
--- a/lib_com/log2.c
+++ b/lib_com/log2.c
@@ -61,7 +61,9 @@ Word16 Log2_norm_lc(            /* (o) : Fractional part of Log2. (range: 0<=val
     if ( L_x <= 0 )
         L_x = L_deposit_h( 0x4000 );
 #else
-    assert( L_x >= 0x40000000 ); /* If assert fail, means input is not normalized as it should be */
+        
+    if ( L_x > 0 )                   /* There are many cases in the code where L_x == 0 */
+        assert( L_x >= 0x40000000 ); /* If assert fail, means input is not normalized as it should be */
     L_x = L_max( L_x, 0x40000000 );
 #endif
     L_x = L_shr( L_x, 9 );
-- 
GitLab


From a16ec4a74b180e3f949b544d40fb69f35f897812 Mon Sep 17 00:00:00 2001
From: Tommy Vaillancourt <Tommy.vaillancourt@Usherbrooke.ca>
Date: Fri, 5 Dec 2025 15:08:44 -0500
Subject: [PATCH 4/4] Fix clang

---
 lib_com/log2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib_com/log2.c b/lib_com/log2.c
index 850090270..42b1f1b3d 100644
--- a/lib_com/log2.c
+++ b/lib_com/log2.c
@@ -61,7 +61,7 @@ Word16 Log2_norm_lc(            /* (o) : Fractional part of Log2. (range: 0<=val
     if ( L_x <= 0 )
         L_x = L_deposit_h( 0x4000 );
 #else
-        
+
     if ( L_x > 0 )                   /* There are many cases in the code where L_x == 0 */
         assert( L_x >= 0x40000000 ); /* If assert fail, means input is not normalized as it should be */
     L_x = L_max( L_x, 0x40000000 );
-- 
GitLab