diff options
author | Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de> | 2018-06-08 18:03:16 +0200 |
---|---|---|
committer | Jean-Michel Trivi <jmtrivi@google.com> | 2018-08-14 16:56:02 +0000 |
commit | 62623d8d797a3d7314834c59ebc785e738965635 (patch) | |
tree | 8b8138ad6026a839f32b3c7259150c2e180fb537 /libAACdec/src/rvlcbit.cpp | |
parent | e2fc820df987ff29a7b2a99785e47ae372caa019 (diff) | |
download | fdk-aac-62623d8d797a3d7314834c59ebc785e738965635.tar.gz fdk-aac-62623d8d797a3d7314834c59ebc785e738965635.tar.bz2 fdk-aac-62623d8d797a3d7314834c59ebc785e738965635.zip |
FDK sanitization fixes
Bug: 110641440
Bug: 109936783
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Prevent bit buffer counter overflow.
While long-term test we discovered a bit counter overflow in the bit buffer.
The bit buffer state was only used by HCR and RVLC tool and can easily be substituted with FDKgetValidBits() call.
The following patch completely removes the bit counter and all its obsolete functions.
Change-Id: Icee0519d26a2aa62367d2dece59cd3d60ffcade7
Fix call to function sbrDecoder_Header() through pointer to incorrect function type.
While testing FDK in Android P DP3 x86 64bit emulator we observed a runtime error.
The function parameter of the callback didn't use a typeless pointer.
Following patch contains a revised sbr decoder callback function with explicit data type cast to be inline with all other callbacks in FDK.
Change-Id: Id224de22beaf2eb9631babd838c4c3ceae0a801e
Fix huffman decoder escape sequence length limitation.
Change-Id: Ib05cc2c065739c27b9720a24f90d0ce4d15bf601
Prevent overflow in MPEG-D DRC _setSelectionDataInfo().
Change-Id: I3b90ef7a5168e20766a2574d57d81bb39d2a5fb9
Add sanity check for allowed LPD sampling rate.
Change-Id: I0702024adc07ed463db795dd48f4efd3de1d7896
Always check whether given channel config is supported.
Change-Id: I169161dd31bc624f2cab6be2b4c6518946ed32ba
Unsigned Integer Overflow in aacDecoder_DecodeFrame().
Change-Id: I617dd545f9ea0aca5a5e7d214bbc35f089bc355d
Unsigned Integer Overflow in SpatialDecParseSpecificConfigHeader().
Change-Id: I5994a55f993835fa511ff61a337726b3e51aed5d
Unsigned Integer Overflows in mpegSurroundDecoder_Parse().
Change-Id: I3714e88d7a9a866297bb2e93571804665a97773f
Unsigned Integer Overflow in transportDec_AdjustEndOfAccessUnit().
Change-Id: Ie4924460d30ea4ef76917704ded809d04db78993
Unsigned Integer Overflow in transportDec_readHeader().
Change-Id: I0beedab38175fc57e5bd9eb5700a3850ef2bebf7
UBSAN overflow in FFT
An overflow in the fft was observed for certain configurations. The root cause was in the scaling of the fft input data in dct_IV and dst_IV.
The following patch revises the scaling in dct and removes the unused arm implementation.
Change-Id: Idc9c44a9755b8151d5c7d8107696f43ac592413b
Diffstat (limited to 'libAACdec/src/rvlcbit.cpp')
-rw-r--r-- | libAACdec/src/rvlcbit.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/libAACdec/src/rvlcbit.cpp b/libAACdec/src/rvlcbit.cpp index c06cf96..b0c4596 100644 --- a/libAACdec/src/rvlcbit.cpp +++ b/libAACdec/src/rvlcbit.cpp @@ -123,10 +123,10 @@ read direction. It is called very often, therefore it makes sense to inline it -------------------------------------------------------------------------------------------- */ -UCHAR rvlcReadBitFromBitstream(HANDLE_FDK_BITSTREAM bs, INT *pPosition, - UCHAR readDirection) { +UCHAR rvlcReadBitFromBitstream(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT *pPosition, UCHAR readDirection) { UINT bit; - INT readBitOffset = *pPosition - FDKgetBitCnt(bs); + INT readBitOffset = (INT)FDKgetValidBits(bs) - bsAnchor + *pPosition; if (readBitOffset) { FDKpushBiDirectional(bs, readBitOffset); |