diff options
author | Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de> | 2019-09-20 13:55:57 +0200 |
---|---|---|
committer | Jean-Michel Trivi <jmtrivi@google.com> | 2019-10-15 15:47:17 -0700 |
commit | f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3 (patch) | |
tree | ee98711f3901059b3da82078a7a02d3bca2beacc | |
parent | da5b0dcb3c01197b3499e0b569babcb0f5a09bbe (diff) | |
download | fdk-aac-f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3.tar.gz fdk-aac-f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3.tar.bz2 fdk-aac-f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3.zip |
Validate correct ascLen in CLatmDemux_ReadStreamMuxConfig() to overcome integer overflow in FDK_get32().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I87b53661df7a435ddf3572a0ff8b6ef84972db60
-rw-r--r-- | libMpegTPDec/src/tpdec_latm.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/libMpegTPDec/src/tpdec_latm.cpp b/libMpegTPDec/src/tpdec_latm.cpp index 2edf055..3b71db8 100644 --- a/libMpegTPDec/src/tpdec_latm.cpp +++ b/libMpegTPDec/src/tpdec_latm.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -367,10 +367,10 @@ TRANSPORTDEC_ERROR CLatmDemux_ReadStreamMuxConfig( } if (pLatmDemux->m_AudioMuxVersion == 1) { FDK_BITSTREAM tmpBs; - UINT ascLen = 0; + INT ascLen = 0; ascLen = CLatmDemux_GetValue(bs); /* The ascLen could be wrong, so check if validBits<=bufBits*/ - if (ascLen > FDKgetValidBits(bs)) { + if (ascLen < 0 || ascLen > (INT)FDKgetValidBits(bs)) { ErrorStatus = TRANSPORTDEC_PARSE_ERROR; goto bail; } |