diff options
author | Jean-Michel Trivi <jmtrivi@google.com> | 2018-10-08 21:20:57 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2018-10-08 21:20:57 +0000 |
commit | 927448349c11391dae98fe1581813ae7ea1520ad (patch) | |
tree | 960883277ed86760eec6f3d9a3afca9c21fd914e /libSBRdec | |
parent | 28234107a71eb9ca3d214bbbe40e57c5055579df (diff) | |
parent | 4dad829df00932b89858b9833cf5dcded8d97c37 (diff) | |
download | fdk-aac-927448349c11391dae98fe1581813ae7ea1520ad.tar.gz fdk-aac-927448349c11391dae98fe1581813ae7ea1520ad.tar.bz2 fdk-aac-927448349c11391dae98fe1581813ae7ea1520ad.zip |
Merge "Prevent out of bounds accesses in lppTransposer() and lppTransposerHBE()" into pi-dev
Diffstat (limited to 'libSBRdec')
-rw-r--r-- | libSBRdec/src/lpp_tran.cpp | 74 |
1 files changed, 47 insertions, 27 deletions
diff --git a/libSBRdec/src/lpp_tran.cpp b/libSBRdec/src/lpp_tran.cpp index aa1fd5d..2ef07eb 100644 --- a/libSBRdec/src/lpp_tran.cpp +++ b/libSBRdec/src/lpp_tran.cpp @@ -118,6 +118,10 @@ amm-info@iis.fraunhofer.de \sa lppTransposer(), main_audio.cpp, sbr_scale.h, \ref documentationOverview */ +#ifdef __ANDROID__ +#include "log/log.h" +#endif + #include "lpp_tran.h" #include "sbr_ram.h" @@ -295,7 +299,6 @@ void lppTransposer( int ovLowBandShift; int lowBandShift; /* int ovHighBandShift;*/ - int targetStopBand; alphai[0] = FL2FXCONST_SGL(0.0f); alphai[1] = FL2FXCONST_SGL(0.0f); @@ -311,25 +314,34 @@ void lppTransposer( autoCorrLength = pSettings->nCols + pSettings->overlap; - /* Set upper subbands to zero: - This is required in case that the patches do not cover the complete - highband (because the last patch would be too short). Possible - optimization: Clearing bands up to usb would be sufficient here. */ - targetStopBand = patchParam[pSettings->noOfPatches - 1].targetStartBand + - patchParam[pSettings->noOfPatches - 1].numBandsInPatch; + if (pSettings->noOfPatches > 0) { + /* Set upper subbands to zero: + This is required in case that the patches do not cover the complete + highband (because the last patch would be too short). Possible + optimization: Clearing bands up to usb would be sufficient here. */ + int targetStopBand = + patchParam[pSettings->noOfPatches - 1].targetStartBand + + patchParam[pSettings->noOfPatches - 1].numBandsInPatch; - int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL); + int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL); - if (!useLP) { - for (i = startSample; i < stopSampleClear; i++) { - FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); - FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize); - } - } else { - for (i = startSample; i < stopSampleClear; i++) { - FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); + if (!useLP) { + for (i = startSample; i < stopSampleClear; i++) { + FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); + FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize); + } + } else { + for (i = startSample; i < stopSampleClear; i++) { + FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); + } } } +#ifdef __ANDROID__ + else { + // Safetynet logging + android_errorWriteLog(0x534e4554, "112160868"); + } +#endif /* init bwIndex for each patch */ FDKmemclear(bwIndex, sizeof(bwIndex)); @@ -874,7 +886,6 @@ void lppTransposerHBE( int ovLowBandShift; int lowBandShift; /* int ovHighBandShift;*/ - int targetStopBand; alphai[0] = FL2FXCONST_SGL(0.0f); alphai[1] = FL2FXCONST_SGL(0.0f); @@ -889,19 +900,28 @@ void lppTransposerHBE( autoCorrLength = pSettings->nCols + pSettings->overlap; - /* Set upper subbands to zero: - This is required in case that the patches do not cover the complete - highband (because the last patch would be too short). Possible - optimization: Clearing bands up to usb would be sufficient here. */ - targetStopBand = patchParam[pSettings->noOfPatches - 1].targetStartBand + - patchParam[pSettings->noOfPatches - 1].numBandsInPatch; + if (pSettings->noOfPatches > 0) { + /* Set upper subbands to zero: + This is required in case that the patches do not cover the complete + highband (because the last patch would be too short). Possible + optimization: Clearing bands up to usb would be sufficient here. */ + int targetStopBand = + patchParam[pSettings->noOfPatches - 1].targetStartBand + + patchParam[pSettings->noOfPatches - 1].numBandsInPatch; - int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL); + int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL); - for (i = startSample; i < stopSampleClear; i++) { - FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); - FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize); + for (i = startSample; i < stopSampleClear; i++) { + FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); + FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize); + } + } +#ifdef __ANDROID__ + else { + // Safetynet logging + android_errorWriteLog(0x534e4554, "112160868"); } +#endif /* Calc common low band scale factor |