From 985b8278e64b41465dae3b2d8201627430bb0042 Mon Sep 17 00:00:00 2001
From: Sandesh Venkatesh <sandesh.venkatesh@ittiam.com>
Date: Sat, 17 Aug 2024 13:52:55 +0530
Subject: [PATCH] Fix for 3gpp issue 831: ASAN - write to nullptr in stereo
 encoder at 64kbps possible

---
 lib_enc/igf_enc.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib_enc/igf_enc.c b/lib_enc/igf_enc.c
index c6b29a9d0..ccab94255 100644
--- a/lib_enc/igf_enc.c
+++ b/lib_enc/igf_enc.c
@@ -1256,8 +1256,18 @@ static void IGF_CalculateStereoEnvelope_fx(
 
                         IF( last_core_acelp || hPrivateData->wasTransient || EQ_32( hPrivateData->prevDampingFactor_IIR_fx[sfb], L_shl( -1, sub( 15, hPrivateData->prevDampingFactor_IIR_e[sfb] ) ) ) )
                         {
-                            hPrivateData->prevDampingFactor_IIR_fx[sfb] = s_max( currDampingFactor_fx, shr( 3277 /*0.1f * 32767*/, currDampingFactor_e ) ); /*resultant exponent stored in hPrivateData->prevDampingFactor_IIR_e[sfb]*/
-                            hPrivateData->prevDampingFactor_IIR_e[sfb] = currDampingFactor_e;
+                            tmp = BASOP_Util_Cmp_Mant32Exp( currDampingFactor_fx, currDampingFactor_e, 3277, 0 );
+                            IF( tmp >= 0 )
+                            {
+                                hPrivateData->prevDampingFactor_IIR_fx[sfb] = currDampingFactor_fx;
+                                hPrivateData->prevDampingFactor_IIR_e[sfb] = currDampingFactor_e;
+                            }
+                            ELSE
+                            {
+                                hPrivateData->prevDampingFactor_IIR_fx[sfb] = 3277; /* 0.1 in Q15 */
+                                hPrivateData->prevDampingFactor_IIR_e[sfb] = 0;
+                            }
+
                             move16();
                             move16();
                         }
-- 
GitLab