From 701835f0ce88a1226991315d5b6963be2fb78810 Mon Sep 17 00:00:00 2001 From: Markus Multrus Date: Fri, 12 Dec 2025 13:29:40 +0100 Subject: [PATCH 1/2] fix for UBSAN issue in RC context mapping --- lib_com/options.h | 1 + lib_dec/ACcontextMapping_dec.c | 8 ++++++++ lib_enc/ACcontextMapping_enc.c | 16 ++++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/lib_com/options.h b/lib_com/options.h index 59daf40a86..361feec2fa 100644 --- a/lib_com/options.h +++ b/lib_com/options.h @@ -162,6 +162,7 @@ /*#define FIX_I4_OL_PITCH*/ /* fix open-loop pitch used for EVS core switching */ #define TMP_1342_WORKAROUND_DEC_FLUSH_BROKEN_IN_SR /* FhG: Temporary workaround for incorrect implementation of decoder flush with split rendering */ #define NONBE_1122_KEEP_EVS_MODE_UNCHANGED /* FhG: Disables fix for issue 1122 in EVS mode to keep BE tests green. This switch should be removed once the 1122 fix is added to EVS via a CR. */ +#define FIX_1464_UBSAN_RC_CONTEXT_MAP /* FhG: BE UBSAN fix for float issue 1464 in the TCX range coder */ /* #################### End BE switches ################################## */ diff --git a/lib_dec/ACcontextMapping_dec.c b/lib_dec/ACcontextMapping_dec.c index 9b2ea07e81..601f79e1f8 100644 --- a/lib_dec/ACcontextMapping_dec.c +++ b/lib_dec/ACcontextMapping_dec.c @@ -560,7 +560,11 @@ int16_t RCcontextMapping_decode2_no_mem_s17_LCS( else /* if(!hm_cfg) */ { int16_t c, rateQ; +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + uint32_t s; +#else uint16_t s; +#endif /* Rate flag */ if ( nbbits > 400 ) @@ -664,7 +668,11 @@ int16_t RCcontextMapping_decode2_no_mem_s17_LCS( s = s << 4; /*Shift old 4 bits*/ s = s + c; /*replace last 4 bits*/ +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + t = (uint16_t) ( s & 0xFF ); +#else t = s & 0xFF; +#endif } /* Decode signs */ diff --git a/lib_enc/ACcontextMapping_enc.c b/lib_enc/ACcontextMapping_enc.c index fc960d8a08..2b4435a084 100644 --- a/lib_enc/ACcontextMapping_enc.c +++ b/lib_enc/ACcontextMapping_enc.c @@ -870,7 +870,11 @@ void RCcontextMapping_encode2_no_mem_s17_LCS( { int16_t cp; int16_t esc_nb, rateQ; +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + uint32_t s; +#else uint16_t s; +#endif /* Rate flag */ if ( nbbits > 400 ) @@ -964,7 +968,11 @@ void RCcontextMapping_encode2_no_mem_s17_LCS( /*Shift old 4 bits, replace last 4 bits*/ s = ( s << 4 ) + cp; +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + t = (uint16_t) ( s & 0xFF ); +#else t = s & 0xFF; +#endif } /*end of the 2-tuples loop*/ } @@ -1236,7 +1244,11 @@ int16_t RCcontextMapping_encode2_estimate_no_mem_s17_LCS( else /* if (!hm_cfg) */ { int16_t esc_nb, cp, rateQ; +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + uint32_t s; +#else uint16_t s; +#endif int16_t tot_bits2; int16_t overflow_flag = 0; @@ -1338,7 +1350,11 @@ int16_t RCcontextMapping_encode2_estimate_no_mem_s17_LCS( } /*shift old bits and replace last 4 bits*/ s = ( s << 4 ) + cp; +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + t = (uint16_t) ( s & 0xFF ); +#else t = s & 0xFF; +#endif } /*end of the 2-tuples loop*/ -- GitLab From d19289b26137b9dc279b209564c43d14d2d8f445 Mon Sep 17 00:00:00 2001 From: Markus Multrus Date: Fri, 12 Dec 2025 15:13:53 +0100 Subject: [PATCH 2/2] alternative patch --- lib_dec/ACcontextMapping_dec.c | 11 +++-------- lib_enc/ACcontextMapping_enc.c | 23 +++++++---------------- 2 files changed, 10 insertions(+), 24 deletions(-) diff --git a/lib_dec/ACcontextMapping_dec.c b/lib_dec/ACcontextMapping_dec.c index 601f79e1f8..a51fc1434b 100644 --- a/lib_dec/ACcontextMapping_dec.c +++ b/lib_dec/ACcontextMapping_dec.c @@ -560,11 +560,7 @@ int16_t RCcontextMapping_decode2_no_mem_s17_LCS( else /* if(!hm_cfg) */ { int16_t c, rateQ; -#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP - uint32_t s; -#else uint16_t s; -#endif /* Rate flag */ if ( nbbits > 400 ) @@ -666,13 +662,12 @@ int16_t RCcontextMapping_decode2_no_mem_s17_LCS( c = 12 + esc_nb; } +#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP + s = s & 0x0F; +#endif s = s << 4; /*Shift old 4 bits*/ s = s + c; /*replace last 4 bits*/ -#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP - t = (uint16_t) ( s & 0xFF ); -#else t = s & 0xFF; -#endif } /* Decode signs */ diff --git a/lib_enc/ACcontextMapping_enc.c b/lib_enc/ACcontextMapping_enc.c index 2b4435a084..dd635d87c4 100644 --- a/lib_enc/ACcontextMapping_enc.c +++ b/lib_enc/ACcontextMapping_enc.c @@ -870,11 +870,7 @@ void RCcontextMapping_encode2_no_mem_s17_LCS( { int16_t cp; int16_t esc_nb, rateQ; -#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP - uint32_t s; -#else uint16_t s; -#endif /* Rate flag */ if ( nbbits > 400 ) @@ -967,12 +963,11 @@ void RCcontextMapping_encode2_no_mem_s17_LCS( } /*Shift old 4 bits, replace last 4 bits*/ - s = ( s << 4 ) + cp; #ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP - t = (uint16_t) ( s & 0xFF ); -#else - t = s & 0xFF; + s = s & 0x0F; #endif + s = ( s << 4 ) + cp; + t = s & 0xFF; } /*end of the 2-tuples loop*/ } @@ -1244,11 +1239,7 @@ int16_t RCcontextMapping_encode2_estimate_no_mem_s17_LCS( else /* if (!hm_cfg) */ { int16_t esc_nb, cp, rateQ; -#ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP - uint32_t s; -#else uint16_t s; -#endif int16_t tot_bits2; int16_t overflow_flag = 0; @@ -1348,13 +1339,13 @@ int16_t RCcontextMapping_encode2_estimate_no_mem_s17_LCS( { cp = 12 + esc_nb; } + /*shift old bits and replace last 4 bits*/ - s = ( s << 4 ) + cp; #ifdef FIX_1464_UBSAN_RC_CONTEXT_MAP - t = (uint16_t) ( s & 0xFF ); -#else - t = s & 0xFF; + s = s & 0x0F; #endif + s = ( s << 4 ) + cp; + t = s & 0xFF; } /*end of the 2-tuples loop*/ -- GitLab