diff options
| author | Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de> | 2018-12-20 15:52:46 +0100 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-04-16 10:34:27 +0000 |
| commit | 18ac2d928d163d748b77a0257bf51ed259ce9a23 (patch) | |
| tree | b9ce6ce1f5f3d0a4936db3b5b87deaa5064e80f3 /libFDK | |
| parent | 7a86a094a50fa98d773e9e90964fac762ac948b3 (diff) | |
| download | fdk-aac-18ac2d928d163d748b77a0257bf51ed259ce9a23.tar.gz fdk-aac-18ac2d928d163d748b77a0257bf51ed259ce9a23.tar.bz2 fdk-aac-18ac2d928d163d748b77a0257bf51ed259ce9a23.zip | |
Add sanity check in huff_decode()
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Bug: 119292397
Change-Id: I33e99629665df9aa6262c90dd7ebdde4b4b9d773
(cherry picked from commit b81f869de3f7c5b6395606d5f36cef57987eae8f)
Diffstat (limited to 'libFDK')
| -rw-r--r-- | libFDK/src/nlc_dec.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/libFDK/src/nlc_dec.cpp b/libFDK/src/nlc_dec.cpp index 8a8ccfd..6e98ce0 100644 --- a/libFDK/src/nlc_dec.cpp +++ b/libFDK/src/nlc_dec.cpp @@ -647,6 +647,10 @@ static ERROR_t huff_decode(HANDLE_FDK_BITSTREAM strm, SCHAR* out_data_1, } df_rest_flag_1 = num_val_1_int % 2; if (df_rest_flag_1) num_val_1_int -= 1; + if (num_val_1_int < 0) { + err = HUFFDEC_NOTOK; + goto bail; + } } if (out_data_2 != NULL) { if (diff_type_2 == DIFF_FREQ) { @@ -658,6 +662,10 @@ static ERROR_t huff_decode(HANDLE_FDK_BITSTREAM strm, SCHAR* out_data_1, } df_rest_flag_2 = num_val_2_int % 2; if (df_rest_flag_2) num_val_2_int -= 1; + if (num_val_2_int < 0) { + err = HUFFDEC_NOTOK; + goto bail; + } } if (out_data_1 != NULL) { |