aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de>2019-09-20 13:55:57 +0200
committerJean-Michel Trivi <jmtrivi@google.com>2019-10-15 15:47:17 -0700
commitf0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3 (patch)
treeee98711f3901059b3da82078a7a02d3bca2beacc
parentda5b0dcb3c01197b3499e0b569babcb0f5a09bbe (diff)
downloadfdk-aac-f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3.tar.gz
fdk-aac-f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3.tar.bz2
fdk-aac-f0e1e3f8c7f835a0faf259ef21a51b55e2cec1f3.zip
Validate correct ascLen in CLatmDemux_ReadStreamMuxConfig() to overcome integer overflow in FDK_get32().
Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I87b53661df7a435ddf3572a0ff8b6ef84972db60
-rw-r--r--libMpegTPDec/src/tpdec_latm.cpp6
1 files changed, 3 insertions, 3 deletions
diff --git a/libMpegTPDec/src/tpdec_latm.cpp b/libMpegTPDec/src/tpdec_latm.cpp
index 2edf055..3b71db8 100644
--- a/libMpegTPDec/src/tpdec_latm.cpp
+++ b/libMpegTPDec/src/tpdec_latm.cpp
@@ -1,7 +1,7 @@
/* -----------------------------------------------------------------------------
Software License for The Fraunhofer FDK AAC Codec Library for Android
-© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten
+© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten
Forschung e.V. All rights reserved.
1. INTRODUCTION
@@ -367,10 +367,10 @@ TRANSPORTDEC_ERROR CLatmDemux_ReadStreamMuxConfig(
}
if (pLatmDemux->m_AudioMuxVersion == 1) {
FDK_BITSTREAM tmpBs;
- UINT ascLen = 0;
+ INT ascLen = 0;
ascLen = CLatmDemux_GetValue(bs);
/* The ascLen could be wrong, so check if validBits<=bufBits*/
- if (ascLen > FDKgetValidBits(bs)) {
+ if (ascLen < 0 || ascLen > (INT)FDKgetValidBits(bs)) {
ErrorStatus = TRANSPORTDEC_PARSE_ERROR;
goto bail;
}