diff options
| author | Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de> | 2018-06-08 18:03:16 +0200 |
|---|---|---|
| committer | Jean-Michel Trivi <jmtrivi@google.com> | 2018-08-14 16:56:02 +0000 |
| commit | 62623d8d797a3d7314834c59ebc785e738965635 (patch) | |
| tree | 8b8138ad6026a839f32b3c7259150c2e180fb537 /libAACdec/src | |
| parent | e2fc820df987ff29a7b2a99785e47ae372caa019 (diff) | |
| download | fdk-aac-62623d8d797a3d7314834c59ebc785e738965635.tar.gz fdk-aac-62623d8d797a3d7314834c59ebc785e738965635.tar.bz2 fdk-aac-62623d8d797a3d7314834c59ebc785e738965635.zip | |
FDK sanitization fixes
Bug: 110641440
Bug: 109936783
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Prevent bit buffer counter overflow.
While long-term test we discovered a bit counter overflow in the bit buffer.
The bit buffer state was only used by HCR and RVLC tool and can easily be substituted with FDKgetValidBits() call.
The following patch completely removes the bit counter and all its obsolete functions.
Change-Id: Icee0519d26a2aa62367d2dece59cd3d60ffcade7
Fix call to function sbrDecoder_Header() through pointer to incorrect function type.
While testing FDK in Android P DP3 x86 64bit emulator we observed a runtime error.
The function parameter of the callback didn't use a typeless pointer.
Following patch contains a revised sbr decoder callback function with explicit data type cast to be inline with all other callbacks in FDK.
Change-Id: Id224de22beaf2eb9631babd838c4c3ceae0a801e
Fix huffman decoder escape sequence length limitation.
Change-Id: Ib05cc2c065739c27b9720a24f90d0ce4d15bf601
Prevent overflow in MPEG-D DRC _setSelectionDataInfo().
Change-Id: I3b90ef7a5168e20766a2574d57d81bb39d2a5fb9
Add sanity check for allowed LPD sampling rate.
Change-Id: I0702024adc07ed463db795dd48f4efd3de1d7896
Always check whether given channel config is supported.
Change-Id: I169161dd31bc624f2cab6be2b4c6518946ed32ba
Unsigned Integer Overflow in aacDecoder_DecodeFrame().
Change-Id: I617dd545f9ea0aca5a5e7d214bbc35f089bc355d
Unsigned Integer Overflow in SpatialDecParseSpecificConfigHeader().
Change-Id: I5994a55f993835fa511ff61a337726b3e51aed5d
Unsigned Integer Overflows in mpegSurroundDecoder_Parse().
Change-Id: I3714e88d7a9a866297bb2e93571804665a97773f
Unsigned Integer Overflow in transportDec_AdjustEndOfAccessUnit().
Change-Id: Ie4924460d30ea4ef76917704ded809d04db78993
Unsigned Integer Overflow in transportDec_readHeader().
Change-Id: I0beedab38175fc57e5bd9eb5700a3850ef2bebf7
UBSAN overflow in FFT
An overflow in the fft was observed for certain configurations. The root cause was in the scaling of the fft input data in dct_IV and dst_IV.
The following patch revises the scaling in dct and removes the unused arm implementation.
Change-Id: Idc9c44a9755b8151d5c7d8107696f43ac592413b
Diffstat (limited to 'libAACdec/src')
| -rw-r--r-- | libAACdec/src/aacdec_hcr.cpp | 82 | ||||
| -rw-r--r-- | libAACdec/src/aacdec_hcr_bit.cpp | 7 | ||||
| -rw-r--r-- | libAACdec/src/aacdec_hcr_bit.h | 3 | ||||
| -rw-r--r-- | libAACdec/src/aacdec_hcr_types.h | 2 | ||||
| -rw-r--r-- | libAACdec/src/aacdec_hcrs.cpp | 42 | ||||
| -rw-r--r-- | libAACdec/src/aacdecoder.cpp | 14 | ||||
| -rw-r--r-- | libAACdec/src/aacdecoder_lib.cpp | 21 | ||||
| -rw-r--r-- | libAACdec/src/block.cpp | 12 | ||||
| -rw-r--r-- | libAACdec/src/rvlc.cpp | 29 | ||||
| -rw-r--r-- | libAACdec/src/rvlc_info.h | 1 | ||||
| -rw-r--r-- | libAACdec/src/rvlcbit.cpp | 6 | ||||
| -rw-r--r-- | libAACdec/src/rvlcbit.h | 4 | ||||
| -rw-r--r-- | libAACdec/src/usacdec_lpd.cpp | 3 |
13 files changed, 125 insertions, 101 deletions
diff --git a/libAACdec/src/aacdec_hcr.cpp b/libAACdec/src/aacdec_hcr.cpp index 84e05b0..6114756 100644 --- a/libAACdec/src/aacdec_hcr.cpp +++ b/libAACdec/src/aacdec_hcr.cpp @@ -134,17 +134,18 @@ static void DeriveNumberOfExtendedSortedSectionsInSets( USHORT *pNumExtendedSortedSectionsInSets, int numExtendedSortedSectionsInSetsIdx); -static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, INT quantSpecCoef, - INT *pLeftStartOfSegment, +static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT quantSpecCoef, INT *pLeftStartOfSegment, SCHAR *pRemainingBitsInSegment, int *pNumDecodedBits); -static int DecodePCW_Sign(HANDLE_FDK_BITSTREAM bs, UINT codebookDim, - const SCHAR *pQuantVal, FIXP_DBL *pQuantSpecCoef, - int *quantSpecCoefIdx, INT *pLeftStartOfSegment, +static int DecodePCW_Sign(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + UINT codebookDim, const SCHAR *pQuantVal, + FIXP_DBL *pQuantSpecCoef, int *quantSpecCoefIdx, + INT *pLeftStartOfSegment, SCHAR *pRemainingBitsInSegment, int *pNumDecodedBits); -static const SCHAR *DecodePCW_Body(HANDLE_FDK_BITSTREAM bs, +static const SCHAR *DecodePCW_Body(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, const UINT *pCurrentTree, const SCHAR *pQuantValBase, INT *pLeftStartOfSegment, @@ -291,7 +292,7 @@ UINT HcrInit(H_HCR_INFO pHcr, CAacDecoderChannelInfo *pAacDecoderChannelInfo, SPEC_LONG(pAacDecoderChannelInfo->pSpectralCoefficient); FDKsyncCache(bs); - pHcr->decInOut.bitstreamIndex = FDKgetBitCnt(bs); + pHcr->decInOut.bitstreamAnchor = (INT)FDKgetValidBits(bs); if (!IsLongBlock(&pAacDecoderChannelInfo->icsInfo)) /* short block */ { @@ -436,7 +437,7 @@ UINT HcrDecoder(H_HCR_INFO pHcr, CAacDecoderChannelInfo *pAacDecoderChannelInfo, int pTmp5; INT bitCntOffst; - INT saveBitCnt = FDKgetBitCnt(bs); /* save bitstream position */ + INT saveBitCnt = (INT)FDKgetValidBits(bs); /* save bitstream position */ HcrCalcNumCodeword(pHcr); @@ -487,7 +488,7 @@ UINT HcrDecoder(H_HCR_INFO pHcr, CAacDecoderChannelInfo *pAacDecoderChannelInfo, pSamplingRateInfo); /* restore bitstream position */ - bitCntOffst = saveBitCnt - FDKgetBitCnt(bs); + bitCntOffst = (INT)FDKgetValidBits(bs) - saveBitCnt; if (bitCntOffst) { FDKpushBiDirectional(bs, bitCntOffst); } @@ -815,7 +816,6 @@ static void HcrPrepareSegmentationGrid(H_HCR_INFO pHcr) { INT *pLeftStartOfSegment = pHcr->segmentInfo.pLeftStartOfSegment; INT *pRightStartOfSegment = pHcr->segmentInfo.pRightStartOfSegment; SCHAR *pRemainingBitsInSegment = pHcr->segmentInfo.pRemainingBitsInSegment; - INT bitstreamIndex = pHcr->decInOut.bitstreamIndex; const UCHAR *pMaxCwLength = aMaxCwLen; for (i = numSortedSection; i != 0; i--) { @@ -825,7 +825,7 @@ static void HcrPrepareSegmentationGrid(H_HCR_INFO pHcr) { for (j = *pNumSortedCodewordInSection; j != 0; j--) { /* width allows a new segment */ - intermediateResult = bitstreamIndex + segmentStart; + intermediateResult = segmentStart; if ((segmentStart + segmentWidth) <= lengthOfReorderedSpectralData) { /* store segment start, segment length and increment the number of * segments */ @@ -841,12 +841,11 @@ static void HcrPrepareSegmentationGrid(H_HCR_INFO pHcr) { pLeftStartOfSegment--; pRightStartOfSegment--; pRemainingBitsInSegment--; - segmentStart = *pLeftStartOfSegment - bitstreamIndex; + segmentStart = *pLeftStartOfSegment; lastSegmentWidth = lengthOfReorderedSpectralData - segmentStart; *pRemainingBitsInSegment = lastSegmentWidth; - *pRightStartOfSegment = - bitstreamIndex + segmentStart + lastSegmentWidth - 1; + *pRightStartOfSegment = segmentStart + lastSegmentWidth - 1; endFlag = 1; break; } @@ -1071,9 +1070,9 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { numDecodedBits = 0; /* decode PCW_BODY */ - pQuantVal = - DecodePCW_Body(bs, pCurrentTree, pQuantValBase, pLeftStartOfSegment, - pRemainingBitsInSegment, &numDecodedBits); + pQuantVal = DecodePCW_Body( + bs, pHcr->decInOut.bitstreamAnchor, pCurrentTree, pQuantValBase, + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits); /* result is written out here because NO sign bits follow the body */ for (i = dimension; i != 0; i--) { @@ -1115,14 +1114,14 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { int err; numDecodedBits = 0; - pQuantVal = - DecodePCW_Body(bs, pCurrentTree, pQuantValBase, pLeftStartOfSegment, - pRemainingBitsInSegment, &numDecodedBits); + pQuantVal = DecodePCW_Body( + bs, pHcr->decInOut.bitstreamAnchor, pCurrentTree, pQuantValBase, + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits); err = DecodePCW_Sign( - bs, dimension, pQuantVal, pQuantizedSpectralCoefficients, - &quantizedSpectralCoefficientsIdx, pLeftStartOfSegment, - pRemainingBitsInSegment, &numDecodedBits); + bs, pHcr->decInOut.bitstreamAnchor, dimension, pQuantVal, + pQuantizedSpectralCoefficients, &quantizedSpectralCoefficientsIdx, + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits); if (err != 0) { return; } @@ -1157,14 +1156,14 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { numDecodedBits = 0; /* decode PCW_BODY */ - pQuantVal = - DecodePCW_Body(bs, pCurrentTree, pQuantValBase, pLeftStartOfSegment, - pRemainingBitsInSegment, &numDecodedBits); + pQuantVal = DecodePCW_Body( + bs, pHcr->decInOut.bitstreamAnchor, pCurrentTree, pQuantValBase, + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits); err = DecodePCW_Sign( - bs, dimension, pQuantVal, pQuantizedSpectralCoefficients, - &quantizedSpectralCoefficientsIdx, pLeftStartOfSegment, - pRemainingBitsInSegment, &numDecodedBits); + bs, pHcr->decInOut.bitstreamAnchor, dimension, pQuantVal, + pQuantizedSpectralCoefficients, &quantizedSpectralCoefficientsIdx, + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits); if (err != 0) { return; } @@ -1177,7 +1176,7 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { (FIXP_DBL)ESCAPE_VALUE) { pQuantizedSpectralCoefficients[quantizedSpectralCoefficientsIdx] = (FIXP_DBL)DecodeEscapeSequence( - bs, + bs, pHcr->decInOut.bitstreamAnchor, pQuantizedSpectralCoefficients [quantizedSpectralCoefficientsIdx], pLeftStartOfSegment, pRemainingBitsInSegment, @@ -1193,7 +1192,7 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { (FIXP_DBL)ESCAPE_VALUE) { pQuantizedSpectralCoefficients[quantizedSpectralCoefficientsIdx] = (FIXP_DBL)DecodeEscapeSequence( - bs, + bs, pHcr->decInOut.bitstreamAnchor, pQuantizedSpectralCoefficients [quantizedSpectralCoefficientsIdx], pLeftStartOfSegment, pRemainingBitsInSegment, @@ -1331,7 +1330,7 @@ void CarryBitToBranchValue(UCHAR carryBit, UINT treeNode, UINT *branchValue, spectral coefficients -------------------------------------------------------------------------------------------- */ -static const SCHAR *DecodePCW_Body(HANDLE_FDK_BITSTREAM bs, +static const SCHAR *DecodePCW_Body(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, const UINT *pCurrentTree, const SCHAR *pQuantValBase, INT *pLeftStartOfSegment, @@ -1349,7 +1348,7 @@ static const SCHAR *DecodePCW_Body(HANDLE_FDK_BITSTREAM bs, /* decode whole PCW-codeword-body */ while (1) { - carryBit = HcrGetABitFromBitstream(bs, pLeftStartOfSegment, + carryBit = HcrGetABitFromBitstream(bs, bsAnchor, pLeftStartOfSegment, pLeftStartOfSegment, /* dummy */ FROM_LEFT_TO_RIGHT); *pRemainingBitsInSegment -= 1; @@ -1384,8 +1383,8 @@ value == 16, a escapeSequence is decoded in two steps: -------------------------------------------------------------------------------------------- */ -static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, INT quantSpecCoef, - INT *pLeftStartOfSegment, +static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT quantSpecCoef, INT *pLeftStartOfSegment, SCHAR *pRemainingBitsInSegment, int *pNumDecodedBits) { UINT i; @@ -1396,7 +1395,7 @@ static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, INT quantSpecCoef, /* decode escape prefix */ while (1) { - carryBit = HcrGetABitFromBitstream(bs, pLeftStartOfSegment, + carryBit = HcrGetABitFromBitstream(bs, bsAnchor, pLeftStartOfSegment, pLeftStartOfSegment, /* dummy */ FROM_LEFT_TO_RIGHT); *pRemainingBitsInSegment -= 1; @@ -1412,7 +1411,7 @@ static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, INT quantSpecCoef, /* decode escape word */ for (i = escapeOnesCounter; i != 0; i--) { - carryBit = HcrGetABitFromBitstream(bs, pLeftStartOfSegment, + carryBit = HcrGetABitFromBitstream(bs, bsAnchor, pLeftStartOfSegment, pLeftStartOfSegment, /* dummy */ FROM_LEFT_TO_RIGHT); *pRemainingBitsInSegment -= 1; @@ -1441,9 +1440,10 @@ the last of eight function of HCR) line) -------------------------------------------------------------------------------------------- */ -static int DecodePCW_Sign(HANDLE_FDK_BITSTREAM bs, UINT codebookDim, - const SCHAR *pQuantVal, FIXP_DBL *pQuantSpecCoef, - int *quantSpecCoefIdx, INT *pLeftStartOfSegment, +static int DecodePCW_Sign(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + UINT codebookDim, const SCHAR *pQuantVal, + FIXP_DBL *pQuantSpecCoef, int *quantSpecCoefIdx, + INT *pLeftStartOfSegment, SCHAR *pRemainingBitsInSegment, int *pNumDecodedBits) { UINT i; @@ -1453,7 +1453,7 @@ static int DecodePCW_Sign(HANDLE_FDK_BITSTREAM bs, UINT codebookDim, for (i = codebookDim; i != 0; i--) { quantSpecCoef = *pQuantVal++; if (quantSpecCoef != 0) { - carryBit = HcrGetABitFromBitstream(bs, pLeftStartOfSegment, + carryBit = HcrGetABitFromBitstream(bs, bsAnchor, pLeftStartOfSegment, pLeftStartOfSegment, /* dummy */ FROM_LEFT_TO_RIGHT); *pRemainingBitsInSegment -= 1; diff --git a/libAACdec/src/aacdec_hcr_bit.cpp b/libAACdec/src/aacdec_hcr_bit.cpp index a53ef16..0198659 100644 --- a/libAACdec/src/aacdec_hcr_bit.cpp +++ b/libAACdec/src/aacdec_hcr_bit.cpp @@ -132,13 +132,14 @@ read direction. It is called very often, therefore it makes sense to inline it return: - bit from bitstream -------------------------------------------------------------------------------------------- */ -UINT HcrGetABitFromBitstream(HANDLE_FDK_BITSTREAM bs, INT *pLeftStartOfSegment, +UINT HcrGetABitFromBitstream(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT *pLeftStartOfSegment, INT *pRightStartOfSegment, UCHAR readDirection) { UINT bit; INT readBitOffset; if (readDirection == FROM_LEFT_TO_RIGHT) { - readBitOffset = *pLeftStartOfSegment - FDKgetBitCnt(bs); + readBitOffset = (INT)FDKgetValidBits(bs) - bsAnchor + *pLeftStartOfSegment; if (readBitOffset) { FDKpushBiDirectional(bs, readBitOffset); } @@ -147,7 +148,7 @@ UINT HcrGetABitFromBitstream(HANDLE_FDK_BITSTREAM bs, INT *pLeftStartOfSegment, *pLeftStartOfSegment += 1; } else { - readBitOffset = *pRightStartOfSegment - FDKgetBitCnt(bs); + readBitOffset = (INT)FDKgetValidBits(bs) - bsAnchor + *pRightStartOfSegment; if (readBitOffset) { FDKpushBiDirectional(bs, readBitOffset); } diff --git a/libAACdec/src/aacdec_hcr_bit.h b/libAACdec/src/aacdec_hcr_bit.h index 7a57c8c..77242ac 100644 --- a/libAACdec/src/aacdec_hcr_bit.h +++ b/libAACdec/src/aacdec_hcr_bit.h @@ -107,7 +107,8 @@ amm-info@iis.fraunhofer.de UCHAR ToggleReadDirection(UCHAR readDirection); -UINT HcrGetABitFromBitstream(HANDLE_FDK_BITSTREAM bs, INT *pLeftStartOfSegment, +UINT HcrGetABitFromBitstream(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT *pLeftStartOfSegment, INT *pRightStartOfSegment, UCHAR readDirection); #endif /* AACDEC_HCR_BIT_H */ diff --git a/libAACdec/src/aacdec_hcr_types.h b/libAACdec/src/aacdec_hcr_types.h index d550bc2..1cc3cb0 100644 --- a/libAACdec/src/aacdec_hcr_types.h +++ b/libAACdec/src/aacdec_hcr_types.h @@ -350,7 +350,7 @@ typedef struct { SHORT lengthOfReorderedSpectralData; SHORT numSection; SHORT *pNumLineInSect; - INT bitstreamIndex; + INT bitstreamAnchor; SCHAR lengthOfLongestCodeword; UCHAR *pCodebook; } HCR_INPUT_OUTPUT; diff --git a/libAACdec/src/aacdec_hcrs.cpp b/libAACdec/src/aacdec_hcrs.cpp index e2b7cd8..1d5aa27 100644 --- a/libAACdec/src/aacdec_hcrs.cpp +++ b/libAACdec/src/aacdec_hcrs.cpp @@ -615,9 +615,9 @@ UINT Hcr_State_BODY_ONLY(HANDLE_FDK_BITSTREAM bs, void *ptr) { for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); CarryBitToBranchValue(carryBit, /* make a step in decoding tree */ treeNode, &branchValue, &branchNode); @@ -749,9 +749,9 @@ UINT Hcr_State_BODY_SIGN__BODY(HANDLE_FDK_BITSTREAM bs, void *ptr) { for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); CarryBitToBranchValue(carryBit, /* make a step in decoding tree */ treeNode, &branchValue, &branchNode); @@ -884,9 +884,9 @@ UINT Hcr_State_BODY_SIGN__SIGN(HANDLE_FDK_BITSTREAM bs, void *ptr) { /* loop for sign bit decoding */ for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); cntSign -= 1; /* decrement sign counter because one sign bit has been read */ @@ -997,9 +997,9 @@ UINT Hcr_State_BODY_SIGN_ESC__BODY(HANDLE_FDK_BITSTREAM bs, void *ptr) { for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); /* make a step in tree */ CarryBitToBranchValue(carryBit, treeNode, &branchValue, &branchNode); @@ -1159,9 +1159,9 @@ UINT Hcr_State_BODY_SIGN_ESC__SIGN(HANDLE_FDK_BITSTREAM bs, void *ptr) { /* loop for sign bit decoding */ for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); /* decrement sign counter because one sign bit has been read */ cntSign -= 1; @@ -1314,9 +1314,9 @@ UINT Hcr_State_BODY_SIGN_ESC__ESC_PREFIX(HANDLE_FDK_BITSTREAM bs, void *ptr) { /* decode escape prefix */ for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); /* count ones and store sum in escapePrefixUp */ if (carryBit == 1) { @@ -1435,9 +1435,9 @@ UINT Hcr_State_BODY_SIGN_ESC__ESC_WORD(HANDLE_FDK_BITSTREAM bs, void *ptr) { /* decode escape word */ for (; pRemainingBitsInSegment[segmentOffset] > 0; pRemainingBitsInSegment[segmentOffset] -= 1) { - carryBit = HcrGetABitFromBitstream(bs, &pLeftStartOfSegment[segmentOffset], - &pRightStartOfSegment[segmentOffset], - readDirection); + carryBit = HcrGetABitFromBitstream( + bs, pHcr->decInOut.bitstreamAnchor, &pLeftStartOfSegment[segmentOffset], + &pRightStartOfSegment[segmentOffset], readDirection); /* build escape word */ escapeWord <<= diff --git a/libAACdec/src/aacdecoder.cpp b/libAACdec/src/aacdecoder.cpp index b8b1327..2a228c8 100644 --- a/libAACdec/src/aacdecoder.cpp +++ b/libAACdec/src/aacdecoder.cpp @@ -1630,14 +1630,14 @@ CAacDecoder_Init(HANDLE_AACDECODER self, const CSAudioSpecificConfig *asc, aacChannelsOffset = 0; aacChannelsOffsetIdx = 0; elementOffset = 0; + if ((ascChannels <= 0) || + (asc->m_channelConfiguration > AACDEC_MAX_CH_CONF)) { + return AAC_DEC_UNSUPPORTED_CHANNELCONFIG; + } + if ((ascChannels + aacChannelsOffsetIdx) > ((8) * 2)) { + return AAC_DEC_UNSUPPORTED_CHANNELCONFIG; + } if (configMode & AC_CM_ALLOC_MEM) { - if ((ascChannels <= 0) || - (asc->m_channelConfiguration > AACDEC_MAX_CH_CONF)) { - return AAC_DEC_UNSUPPORTED_CHANNELCONFIG; - } - if ((ascChannels + aacChannelsOffsetIdx) > ((8) * 2)) { - return AAC_DEC_UNSUPPORTED_CHANNELCONFIG; - } if ((ascChannels + aacChannelsOffset) > (8)) { return AAC_DEC_UNSUPPORTED_CHANNELCONFIG; } diff --git a/libAACdec/src/aacdecoder_lib.cpp b/libAACdec/src/aacdecoder_lib.cpp index d98cf5a..b528ef1 100644 --- a/libAACdec/src/aacdecoder_lib.cpp +++ b/libAACdec/src/aacdecoder_lib.cpp @@ -368,6 +368,23 @@ static INT aacDecoder_CtrlCFGChangeCallback( return errTp; } +static INT aacDecoder_SbrCallback( + void *handle, HANDLE_FDK_BITSTREAM hBs, const INT sampleRateIn, + const INT sampleRateOut, const INT samplesPerFrame, + const AUDIO_OBJECT_TYPE coreCodec, const MP4_ELEMENT_ID elementID, + const INT elementIndex, const UCHAR harmonicSBR, + const UCHAR stereoConfigIndex, const UCHAR configMode, UCHAR *configChanged, + const INT downscaleFactor) { + HANDLE_SBRDECODER self = (HANDLE_SBRDECODER)handle; + + INT errTp = sbrDecoder_Header(self, hBs, sampleRateIn, sampleRateOut, + samplesPerFrame, coreCodec, elementID, + elementIndex, harmonicSBR, stereoConfigIndex, + configMode, configChanged, downscaleFactor); + + return errTp; +} + static INT aacDecoder_SscCallback(void *handle, HANDLE_FDK_BITSTREAM hBs, const AUDIO_OBJECT_TYPE coreCodec, const INT samplingRate, @@ -959,7 +976,7 @@ LINKSPEC_CPP HANDLE_AACDECODER aacDecoder_Open(TRANSPORT_TYPE transportFmt, goto bail; } aacDec->qmfModeUser = NOT_DEFINED; - transportDec_RegisterSbrCallback(aacDec->hInput, (cbSbr_t)sbrDecoder_Header, + transportDec_RegisterSbrCallback(aacDec->hInput, aacDecoder_SbrCallback, (void *)aacDec->hSbrDecoder); if (mpegSurroundDecoder_Open( @@ -1865,7 +1882,7 @@ aacDecoder_DecodeFrame(HANDLE_AACDECODER self, INT_PCM *pTimeData_extern, } /* USAC DASH IPF flushing possible end */ if (accessUnit < numPrerollAU) { - FDKpushBack(hBsAu, auStartAnchor - FDKgetValidBits(hBsAu)); + FDKpushBack(hBsAu, auStartAnchor - (INT)FDKgetValidBits(hBsAu)); } else { if ((self->buildUpStatus == AACDEC_RSV60_BUILD_UP_ON) || (self->buildUpStatus == AACDEC_RSV60_BUILD_UP_ON_IN_BAND) || diff --git a/libAACdec/src/block.cpp b/libAACdec/src/block.cpp index 7d2a4b9..b3d09a6 100644 --- a/libAACdec/src/block.cpp +++ b/libAACdec/src/block.cpp @@ -127,9 +127,11 @@ amm-info@iis.fraunhofer.de The function reads the escape sequence from the bitstream, if the absolute value of the quantized coefficient has the value 16. - A limitation is implemented to maximal 31 bits to prevent endless loops. - If it strikes, MAX_QUANTIZED_VALUE + 1 is returned, independent of the sign of - parameter q. + A limitation is implemented to maximal 21 bits according to + ISO/IEC 14496-3:2009(E) 4.6.3.3. + This limits the escape prefix to a maximum of eight 1's. + If more than eight 1's are read, MAX_QUANTIZED_VALUE + 1 is + returned, independent of the sign of parameter q. \return quantized coefficient */ @@ -139,11 +141,11 @@ LONG CBlock_GetEscape(HANDLE_FDK_BITSTREAM bs, /*!< pointer to bitstream */ if (fAbs(q) != 16) return (q); LONG i, off; - for (i = 4; i < 32; i++) { + for (i = 4; i < 13; i++) { if (FDKreadBit(bs) == 0) break; } - if (i == 32) return (MAX_QUANTIZED_VALUE + 1); + if (i == 13) return (MAX_QUANTIZED_VALUE + 1); off = FDKreadBits(bs, i); i = off + (1 << i); diff --git a/libAACdec/src/rvlc.cpp b/libAACdec/src/rvlc.cpp index 92f9f02..b7a9be1 100644 --- a/libAACdec/src/rvlc.cpp +++ b/libAACdec/src/rvlc.cpp @@ -168,13 +168,14 @@ static void rvlcInit(CErRvlcInfo *pRvlc, /* set base bitstream ptr to the RVL-coded part (start of RVLC data (ESC 2)) */ FDKsyncCache(bs); + pRvlc->bsAnchor = (INT)FDKgetValidBits(bs); - pRvlc->bitstreamIndexRvlFwd = FDKgetBitCnt( - bs); /* first bit within RVL coded block as start address for forward - decoding */ - pRvlc->bitstreamIndexRvlBwd = FDKgetBitCnt(bs) + pRvlc->length_of_rvlc_sf - - 1; /* last bit within RVL coded block as start - address for backward decoding */ + pRvlc->bitstreamIndexRvlFwd = + 0; /* first bit within RVL coded block as start address for forward + decoding */ + pRvlc->bitstreamIndexRvlBwd = + pRvlc->length_of_rvlc_sf - 1; /* last bit within RVL coded block as start + address for backward decoding */ /* skip RVLC-bitstream-part -- pointing now to escapes (if present) or to TNS * data (if present) */ @@ -183,7 +184,7 @@ static void rvlcInit(CErRvlcInfo *pRvlc, if (pRvlc->sf_escapes_present != 0) { /* locate internal bitstream ptr at escapes (which is the second part) */ FDKsyncCache(bs); - pRvlc->bitstreamIndexEsc = FDKgetBitCnt(bs); + pRvlc->bitstreamIndexEsc = pRvlc->bsAnchor - (INT)FDKgetValidBits(bs); /* skip escapeRVLC-bitstream-part -- pointing to TNS data (if present) to * make decoder continue */ @@ -259,8 +260,9 @@ static SCHAR rvlcDecodeEscapeWord(CErRvlcInfo *pRvlc, HANDLE_FDK_BITSTREAM bs) { treeNode = *pEscTree; /* init at starting node */ for (i = MAX_LEN_RVLC_ESCAPE_WORD - 1; i >= 0; i--) { - carryBit = rvlcReadBitFromBitstream(bs, /* get next bit */ - pBitstreamIndexEsc, FWD); + carryBit = + rvlcReadBitFromBitstream(bs, /* get next bit */ + pRvlc->bsAnchor, pBitstreamIndexEsc, FWD); CarryBitToBranchValue(carryBit, /* huffman decoding, do a single step in huffman decoding tree */ @@ -370,8 +372,9 @@ SCHAR decodeRVLCodeword(HANDLE_FDK_BITSTREAM bs, CErRvlcInfo *pRvlc) { UINT treeNode = *pRvlCodeTree; for (i = MAX_LEN_RVLC_CODE_WORD - 1; i >= 0; i--) { - carryBit = rvlcReadBitFromBitstream(bs, /* get next bit */ - pBitstrIndxRvl, direction); + carryBit = + rvlcReadBitFromBitstream(bs, /* get next bit */ + pRvlc->bsAnchor, pBitstrIndxRvl, direction); CarryBitToBranchValue(carryBit, /* huffman decoding, do a single step in huffman decoding tree */ @@ -1140,7 +1143,7 @@ void CRvlc_Decode(CAacDecoderChannelInfo *pAacDecoderChannelInfo, rvlcInit(pRvlc, pAacDecoderChannelInfo, bs); /* save bitstream position */ - saveBitCnt = FDKgetBitCnt(bs); + saveBitCnt = (INT)FDKgetValidBits(bs); if (pRvlc->sf_escapes_present) rvlcDecodeEscapes( @@ -1155,7 +1158,7 @@ void CRvlc_Decode(CAacDecoderChannelInfo *pAacDecoderChannelInfo, pAacDecoderChannelInfo->data.aac.PnsData.PnsActive = pRvlc->noise_used; /* restore bitstream position */ - bitCntOffst = saveBitCnt - FDKgetBitCnt(bs); + bitCntOffst = (INT)FDKgetValidBits(bs) - saveBitCnt; if (bitCntOffst) { FDKpushBiDirectional(bs, bitCntOffst); } diff --git a/libAACdec/src/rvlc_info.h b/libAACdec/src/rvlc_info.h index fc9c19d..e7b3b99 100644 --- a/libAACdec/src/rvlc_info.h +++ b/libAACdec/src/rvlc_info.h @@ -164,6 +164,7 @@ typedef struct { UCHAR direction; /* bitstream indices */ + INT bsAnchor; /* hcr bit buffer reference index */ INT bitstreamIndexRvlFwd; /* base address of RVL-coded-scalefactor data (ESC 2) for forward decoding */ INT bitstreamIndexRvlBwd; /* base address of RVL-coded-scalefactor data (ESC diff --git a/libAACdec/src/rvlcbit.cpp b/libAACdec/src/rvlcbit.cpp index c06cf96..b0c4596 100644 --- a/libAACdec/src/rvlcbit.cpp +++ b/libAACdec/src/rvlcbit.cpp @@ -123,10 +123,10 @@ read direction. It is called very often, therefore it makes sense to inline it -------------------------------------------------------------------------------------------- */ -UCHAR rvlcReadBitFromBitstream(HANDLE_FDK_BITSTREAM bs, INT *pPosition, - UCHAR readDirection) { +UCHAR rvlcReadBitFromBitstream(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT *pPosition, UCHAR readDirection) { UINT bit; - INT readBitOffset = *pPosition - FDKgetBitCnt(bs); + INT readBitOffset = (INT)FDKgetValidBits(bs) - bsAnchor + *pPosition; if (readBitOffset) { FDKpushBiDirectional(bs, readBitOffset); diff --git a/libAACdec/src/rvlcbit.h b/libAACdec/src/rvlcbit.h index 5c6a3f1..2578453 100644 --- a/libAACdec/src/rvlcbit.h +++ b/libAACdec/src/rvlcbit.h @@ -105,7 +105,7 @@ amm-info@iis.fraunhofer.de #include "rvlc.h" -UCHAR rvlcReadBitFromBitstream(HANDLE_FDK_BITSTREAM bs, INT *pPosition, - UCHAR readDirection); +UCHAR rvlcReadBitFromBitstream(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, + INT *pPosition, UCHAR readDirection); #endif /* RVLCBIT_H */ diff --git a/libAACdec/src/usacdec_lpd.cpp b/libAACdec/src/usacdec_lpd.cpp index 22069a6..f53e39f 100644 --- a/libAACdec/src/usacdec_lpd.cpp +++ b/libAACdec/src/usacdec_lpd.cpp @@ -1221,8 +1221,7 @@ AAC_DECODER_ERROR CLpdChannelStream_Read( (INT)(samplingRate * PIT_MIN_12k8 + (FSCALE_DENOM / 2)) / FSCALE_DENOM - (INT)PIT_MIN_12k8; - if (pSamplingRateInfo->samplingRate > - FAC_FSCALE_MAX /* maximum allowed core sampling frequency */) { + if ((samplingRate < 6000) || (samplingRate > 24000)) { error = AAC_DEC_PARSE_ERROR; goto bail; } |