From 8c4d014e2919992584625cc15c0e0b10e30388fe Mon Sep 17 00:00:00 2001
From: Marco Nelissen <marcone@google.com>
Date: Tue, 5 Jan 2016 11:24:52 -0800
Subject: Fix more potential (benign) AMRWB overflows

Bug: 25843966
Change-Id: I18003aa20be1ff0a93473ecd8b4995861bed8c89
---
 media/libstagefright/codecs/amrwbenc/src/updt_tar.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'media/libstagefright/codecs/amrwbenc/src')

diff --git a/media/libstagefright/codecs/amrwbenc/src/updt_tar.c b/media/libstagefright/codecs/amrwbenc/src/updt_tar.c
index f312ca3..ba7c2ff 100644
--- a/media/libstagefright/codecs/amrwbenc/src/updt_tar.c
+++ b/media/libstagefright/codecs/amrwbenc/src/updt_tar.c
@@ -33,12 +33,13 @@ void Updt_tar(
          )
 {
     Word32 i;
-    Word32 L_tmp;
+    Word32 L_tmp, L_tmp2;
 
     for (i = 0; i < L; i++)
     {
         L_tmp = x[i] << 15;
-        L_tmp -= (y[i] * gain)<<1;
+        L_tmp2 = L_mult(y[i], gain);
+        L_tmp = L_sub(L_tmp, L_tmp2);
         x2[i] = extract_h(L_shl2(L_tmp, 1));
     }
 
-- 
cgit v1.1