From 7d750052f11dd235cddb2e4be8fc3897308df68c Mon Sep 17 00:00:00 2001 From: Donat Zenichev Date: Fri, 12 May 2023 09:04:50 +0200 Subject: [PATCH] MT#57415 ilbc: accessing 428 bytes at offsets 0 and 160 overlaps It's been noticed that we are using `memcpy` for copying of the data, where the source and destination overlaps. This begets the following warning: In function 'memcpy', inlined from 'Decode' at iLBC_decode.c:254:16: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' accessing 428 bytes at offsets 0 and 160 overlaps 268 bytes at offset 160 [-Wrestrict] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'memcpy', inlined from 'Decode' at iLBC_decode.c:302:16: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' accessing 428 bytes at offsets 0 and 160 overlaps 268 bytes at offset 160 [-Wrestrict] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /usr/include/string.h:495, from iLBC_encode.c:15: In function 'memcpy', inlined from 'iLBC_encode' at iLBC_encode.c:311:16: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' accessing 428 bytes at offsets 0 and 160 overlaps 268 bytes at offset 160 [-Wrestrict] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'memcpy', inlined from 'iLBC_encode' at iLBC_encode.c:389:16: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' accessing 428 bytes at offsets 0 and 160 overlaps 268 bytes at offset 160 [-Wrestrict] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The problem is that `memcpy` should not be used, when dst memory overlaps with src memory. We should update such usage of `memcpy` and swap it with `memmove` From the manpage of the `memcpy`: >> The memory areas should not overlap. Use memmove(3) if the memory areas do overlap. Change-Id: I5e3e65587fad92c91bb298e4e5415db1fd0c0371 --- core/plug-in/ilbc/iLBC_rfc3951/iLBC_decode.c | 19 ++++--------------- core/plug-in/ilbc/iLBC_rfc3951/iLBC_encode.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 29 deletions(-) diff --git a/core/plug-in/ilbc/iLBC_rfc3951/iLBC_decode.c b/core/plug-in/ilbc/iLBC_rfc3951/iLBC_decode.c index 4fcdea3e..b1f0a597 100644 --- a/core/plug-in/ilbc/iLBC_rfc3951/iLBC_decode.c +++ b/core/plug-in/ilbc/iLBC_rfc3951/iLBC_decode.c @@ -250,16 +250,8 @@ memLfTbl[subcount], SUBL, CB_NSTAGES); /* update memory */ - - memcpy(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); - memcpy(mem+CB_MEML-SUBL, - - - - - - &decresidual[(start+1+subframe)*SUBL], - SUBL*sizeof(float)); + memmove(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); + memcpy(mem+CB_MEML-SUBL, &decresidual[(start+1+subframe)*SUBL], SUBL*sizeof(float)); subcount++; @@ -298,11 +290,8 @@ SUBL, CB_NSTAGES); /* update memory */ - - memcpy(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); - memcpy(mem+CB_MEML-SUBL, - &reverseDecresidual[subframe*SUBL], - SUBL*sizeof(float)); + memmove(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); + memcpy(mem+CB_MEML-SUBL, &reverseDecresidual[subframe*SUBL], SUBL*sizeof(float)); subcount++; } diff --git a/core/plug-in/ilbc/iLBC_rfc3951/iLBC_encode.c b/core/plug-in/ilbc/iLBC_rfc3951/iLBC_encode.c index 46364140..4364ba2d 100644 --- a/core/plug-in/ilbc/iLBC_rfc3951/iLBC_encode.c +++ b/core/plug-in/ilbc/iLBC_rfc3951/iLBC_encode.c @@ -307,16 +307,8 @@ memLfTbl[subcount], SUBL, CB_NSTAGES); /* update memory */ - - memcpy(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); - memcpy(mem+CB_MEML-SUBL, - - - - - - &decresidual[(start+1+subframe)*SUBL], - SUBL*sizeof(float)); + memmove(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); + memcpy(mem+CB_MEML-SUBL, &decresidual[(start+1+subframe)*SUBL], SUBL*sizeof(float)); memset(weightState, 0, LPC_FILTERORDER*sizeof(float)); subcount++; @@ -386,10 +378,8 @@ /* update memory */ - memcpy(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); - memcpy(mem+CB_MEML-SUBL, - &reverseDecresidual[subframe*SUBL], - SUBL*sizeof(float)); + memmove(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); + memcpy(mem+CB_MEML-SUBL, &reverseDecresidual[subframe*SUBL], SUBL*sizeof(float)); memset(weightState, 0, LPC_FILTERORDER*sizeof(float)); subcount++;