From 9367ef1ed6b78d6bc078620009e383b3deae60b2 Mon Sep 17 00:00:00 2001
From: William Wilgus
Date: Wed, 4 Jan 2023 21:52:59 -0500
Subject: [BugFix] Fix some Shif related UB -- ASAN these are the low hanging fruit identified by ASAN cast the byte values before shift
Change-Id: Ifc5645354a10c15ccd09d1343e1705857a51e011
---
 firmware/export/pcm_sampr.h | 6 +++---
 lib/rbcodec/codecs/libopus/ogg/framing.c | 5 +++--
 lib/rbcodec/metadata/metadata_common.c | 27 ++++++++++++++++-----------
 3 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/firmware/export/pcm_sampr.h b/firmware/export/pcm_sampr.h
index 70f2dc2ba2..fc48a943fd 100644
--- a/firmware/export/pcm_sampr.h
+++ b/firmware/export/pcm_sampr.h
@@ -427,10 +427,10 @@ extern const unsigned long rec_freq_sampr[REC_NUM_FREQ];
 #ifdef CONFIG_SAMPR_TYPES
-#define SAMPR_TYPE_MASK (0xff << 24)
-#define SAMPR_TYPE_PLAY (0x00 << 24)
+#define SAMPR_TYPE_MASK (0xffu << 24)
+#define SAMPR_TYPE_PLAY (0x00u << 24)
 #ifdef HAVE_RECORDING
-#define SAMPR_TYPE_REC (0x01 << 24)
+#define SAMPR_TYPE_REC (0x01u << 24)
 #endif
 #ifndef PCM_SAMPR_CONFIG_ONLY
diff --git a/lib/rbcodec/codecs/libopus/ogg/framing.c b/lib/rbcodec/codecs/libopus/ogg/framing.c
index a7032a6a35..eb32351590 100644
--- a/lib/rbcodec/codecs/libopus/ogg/framing.c
+++ b/lib/rbcodec/codecs/libopus/ogg/framing.c
@@ -235,8 +235,9 @@ static int _os_lacing_expand(ogg_stream_state *os,long needed){
 perform the checksum simultaneously with other copies */
 static ogg_uint32_t _os_update_crc(ogg_uint32_t crc, unsigned char *buffer, int size){
+ #define u32(v) (uint32_t)v
 while (size>=8){
- crc^=buffer[0]<<24|buffer[1]<<16|buffer[2]<<8|buffer[3];
+ crc^=((u32(buffer[0]))<<24)|((u32(buffer[1]))<<16)|((u32(buffer[2]))<<8)|(u32(buffer[3]));
 crc=crc_lookup[7][ crc>>24 ]^crc_lookup[6][(crc>>16)&0xFF]^
 crc_lookup[5][(crc>> 8)&0xFF]^crc_lookup[4][ crc &0xFF]^
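Review bot: Only `0xff << 24` overflowed `int`, but all three `SAMPR_TYPE_*` macros in the pcm_sampr.h hunk now have type `unsigned int`, which changes how they widen when combined with `unsigned long` sample-rate values on targets where `long` is 64 bits (the old negative `int` mask sign-extended, the new one zero-extends). That is most likely the intended result, but the users of these macros are outside this hunk and should be checked for signed comparisons or stores into `int`. A one-line comment such as `/* unsigned: bit 31 belongs to the type field */` above `SAMPR_TYPE_MASK` would keep the suffix from being dropped later.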
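Review bot: The helper `#define u32(v) (uint32_t)v` added at the top of `_os_update_crc` is unparenthesized and names `uint32_t`, while the rest of this function uses `ogg_uint32_t`; whether `<stdint.h>` is in scope in framing.c cannot be seen from the hunk. Casting each byte before the shift is the right fix for `buffer[0]<<24`, but casting to the type of `crc` needs no macro and no matching `#undef` in the following hunk: `crc^=((ogg_uint32_t)buffer[0]<<24)|((ogg_uint32_t)buffer[1]<<16)|((ogg_uint32_t)buffer[2]<<8)|buffer[3];`. The body of `_os_update_crc` continues past the end of this hunk.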
@@ -246,7 +247,7 @@ static ogg_uint32_t _os_update_crc(ogg_uint32_t crc, unsigned char *buffer, int
 buffer+=8;
 size-=8;
 }
-
+ #undef u32
 while (size--)
 crc=(crc<<8)^crc_lookup[0][((crc >> 24)&0xff)^*buffer++];
 return crc;
diff --git a/lib/rbcodec/metadata/metadata_common.c b/lib/rbcodec/metadata/metadata_common.c
index 8eec16a877..f051c94e2c 100644
--- a/lib/rbcodec/metadata/metadata_common.c
+++ b/lib/rbcodec/metadata/metadata_common.c
@@ -148,17 +148,20 @@ int read_uint64le(int fd, uint64_t* buf)
 uint64_t get_uint64_le(void* buf)
 {
 unsigned char* p = (unsigned char*) buf;
-
- return ((uint64_t)p[0]) | ((uint64_t)p[1] << 8) | ((uint64_t)p[2] << 16) | ((uint64_t)p[3] << 24) | ((uint64_t)p[4] << 32) |
- ((uint64_t)p[5] << 40) | ((uint64_t)p[6] << 48) | ((uint64_t)p[7] << 56);
+ #define u64(v) (uint64_t)v
+ return (u64(p[0])) | ((u64(p[1])) << 8) | ((u64(p[2])) << 16)
+ | ((u64(p[3])) << 24) | ((u64(p[4])) << 32) |((u64(p[5])) << 40)
+ | ((u64(p[6])) << 48) | ((u64(p[7])) << 56);
+ #undef u64
 }
 /* Read an unaligned 32-bit little endian long from buffer. */
 uint32_t get_long_le(void* buf)
 {
 unsigned char* p = (unsigned char*) buf;
-
- return p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
+ #define u32(v) (uint32_t)v
+ return (u32(p[0])) | ((u32(p[1])) << 8) | ((u32(p[2])) << 16) | ((u32(p[3])) << 24);
+ #undef u32
 }
 /* Read an unaligned 16-bit little endian short from buffer. */
@@ -166,15 +169,16 @@ uint16_t get_short_le(void* buf)
 {
 unsigned char* p = (unsigned char*) buf;
- return p[0] | (p[1] << 8);
+ return ((uint16_t)p[0]) | (((uint16_t)p[1]) << 8);
 }
 /* Read an unaligned 32-bit big endian long from buffer. */
 uint32_t get_long_be(void* buf)
 {
 unsigned char* p = (unsigned char*) buf;
-
- return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ #define u32(v) (uint32_t)v
+ return ((u32(p[0])) << 24) | ((u32(p[1])) << 16) | ((u32(p)[2]) << 8) | (u32(p[3]));
+ #undef u32
 }
 /* Read an unaligned 16-bit little endian short from buffer. */
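Review bot: The cast macros `#define u64(v) (uint64_t)v` and `#define u32(v) (uint32_t)v` in `get_uint64_le` and `get_long_le` are unparenthesized and are defined and undefined inside each function body; the same pattern repeats in `get_long_be` and `get_slong` in the later hunks. A single file-scope definition such as `#define U32(v) ((uint32_t)(v))`, or plain casts at the call sites, avoids the precedence trap and the repeated `#define`/`#undef` pairs. The `get_uint64_le` rewrite does not change behaviour, since the old `(uint64_t)p[1] << 8` already converted before shifting; the actual fix in this hunk is the `p[3] << 24` in `get_long_le`.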
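Review bot: In `get_long_be` the third term is written `((u32(p)[2]) << 8)`, with the closing parenthesis of the macro call before the subscript. It compiles and yields the intended value only because `u32` expands without parentheses to `(uint32_t)p[2]`; with a properly parenthesized macro it would try to subscript an integer. It should read `((u32(p[2])) << 8)`. Separately, the `(uint16_t)` casts in `get_short_le` (and in `get_short_be` in the next hunk) have no effect where `int` is wider than 16 bits, because the operand is promoted back to `int` before the shift; the old expression was not overflowing there, so a comment saying the cast is only for symmetry would avoid suggesting it fixes something.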
@@ -182,15 +186,16 @@ uint16_t get_short_be(void* buf)
 {
 unsigned char* p = (unsigned char*) buf;
- return (p[0] << 8) | p[1];
+ return (((uint16_t)p[0]) << 8) | ((uint16_t)p[1]);
 }
 /* Read an unaligned 32-bit little endian long from buffer. */
 int32_t get_slong(void* buf)
 {
 unsigned char* p = (unsigned char*) buf;
-
- return p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
+ #define i32(v) (int32_t)v
+ return (i32(p[0])) | ((i32(p[1])) << 8) | ((i32(p[2])) << 16) | ((i32(p[3])) << 24);
+ #undef i32
 }
 uint32_t get_itunes_int32(char* value, int count)
-- cgit
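Review bot: The undefined shift in `get_slong` is still present, because `(i32(p[3])) << 24` shifts a signed `int32_t`, and for any `p[3] >= 0x80` the result is not representable in that type. On a target with 32-bit `int` the cast changes nothing compared with the old promoted `p[3] << 24`, so a sanitizer build would be expected to report this line again. The bytes presumably come from parsed file metadata, so the high bit is input-controlled. Assembling the value unsigned and converting once at the end removes the UB: `return (int32_t)(((uint32_t)p[0]) | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));`, where the final conversion is implementation-defined rather than undefined.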