diff options
Diffstat (limited to 'libSACdec/src/sac_bitdec.cpp')
| -rw-r--r-- | libSACdec/src/sac_bitdec.cpp | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/libSACdec/src/sac_bitdec.cpp b/libSACdec/src/sac_bitdec.cpp index 37e0cf2..a1bdca4 100644 --- a/libSACdec/src/sac_bitdec.cpp +++ b/libSACdec/src/sac_bitdec.cpp @@ -291,13 +291,13 @@ SACDEC_ERROR SpatialDecParseSpecificConfigHeader( if (sacHeaderLen == 127) { sacHeaderLen += FDKreadBits(bitstream, 16); } - numFillBits = FDKgetValidBits(bitstream); + numFillBits = (INT)FDKgetValidBits(bitstream); err = SpatialDecParseSpecificConfig(bitstream, pSpatialSpecificConfig, sacHeaderLen, coreCodec); numFillBits -= - FDKgetValidBits(bitstream); /* the number of read bits (tmpBits) */ + (INT)FDKgetValidBits(bitstream); /* the number of read bits (tmpBits) */ numFillBits = (8 * sacHeaderLen) - numFillBits; if (numFillBits < 0) { /* Parsing went wrong */ @@ -325,6 +325,8 @@ SACDEC_ERROR SpatialDecParseMps212Config( INT coreSbrFrameLengthIndex) { int i; + FDKmemclear(pSpatialSpecificConfig, sizeof(SPATIAL_SPECIFIC_CONFIG)); + pSpatialSpecificConfig->stereoConfigIndex = stereoConfigIndex; pSpatialSpecificConfig->coreSbrFrameLengthIndex = coreSbrFrameLengthIndex; pSpatialSpecificConfig->freqRes = @@ -447,6 +449,8 @@ SACDEC_ERROR SpatialDecParseSpecificConfig( int numHeaderBits; int cfgStartPos, bitsAvailable; + FDKmemclear(pSpatialSpecificConfig, sizeof(SPATIAL_SPECIFIC_CONFIG)); + cfgStartPos = FDKgetValidBits(bitstream); /* It might be that we do not know the SSC length beforehand. */ if (sacHeaderLen == 0) { @@ -513,6 +517,10 @@ SACDEC_ERROR SpatialDecParseSpecificConfig( pSpatialSpecificConfig->tempShapeConfig = (SPATIALDEC_TS_CONF)FDKreadBits(bitstream, 2); + if (pSpatialSpecificConfig->tempShapeConfig > 2) { + return MPS_PARSE_ERROR; /* reserved value */ + } + pSpatialSpecificConfig->decorrConfig = (SPATIALDEC_DECORR_CONF)FDKreadBits(bitstream, 2); if (pSpatialSpecificConfig->decorrConfig > 2) { @@ -568,16 +576,18 @@ SACDEC_ERROR SpatialDecParseSpecificConfig( numHeaderBits = cfgStartPos - (INT)FDKgetValidBits(bitstream); bitsAvailable -= numHeaderBits; + if (bitsAvailable < 0) { + err = MPS_PARSE_ERROR; + goto bail; + } pSpatialSpecificConfig->sacExtCnt = 0; pSpatialSpecificConfig->bResidualCoding = 0; - if ((err == MPS_OK) && (bitsAvailable > 0)) { - err = SpatialDecParseExtensionConfig( - bitstream, pSpatialSpecificConfig, pSpatialSpecificConfig->nOttBoxes, - pSpatialSpecificConfig->nTttBoxes, - pSpatialSpecificConfig->nOutputChannels, bitsAvailable); - } + err = SpatialDecParseExtensionConfig( + bitstream, pSpatialSpecificConfig, pSpatialSpecificConfig->nOttBoxes, + pSpatialSpecificConfig->nTttBoxes, + pSpatialSpecificConfig->nOutputChannels, bitsAvailable); FDKbyteAlign( bitstream, @@ -1447,7 +1457,7 @@ static SACDEC_ERROR mapIndexData( FIXP_DBL (*pOttVsTotDb1)[MAX_PARAMETER_SETS][MAX_PARAMETER_BANDS], FIXP_DBL (*pOttVsTotDb2)[MAX_PARAMETER_SETS][MAX_PARAMETER_BANDS]) { int aParamSlots[MAX_PARAMETER_SETS]; - int aInterpolate[MAX_PARAMETER_SETS]; + int aInterpolate[MAX_PARAMETER_SETS] = {0}; int dataSets; int aMap[MAX_PARAMETER_BANDS + 1]; @@ -1552,6 +1562,7 @@ static SACDEC_ERROR mapIndexData( i2 = i; while (aInterpolate[i2] == 1) { i2++; + if (i2 >= MAX_PARAMETER_SETS) return MPS_WRONG_PARAMETERSETS; } x1 = paramSlot[i1]; xi = paramSlot[i]; @@ -1864,6 +1875,16 @@ SACDEC_ERROR SpatialDecDecodeFrame(spatialDec *self, SPATIAL_BS_FRAME *frame) { frame->numParameterSets = fixMin(MAX_PARAMETER_SETS, frame->numParameterSets + 1); frame->paramSlot[frame->numParameterSets - 1] = self->timeSlots - 1; + + for (int p = 0; p < frame->numParameterSets; p++) { + if (frame->paramSlot[p] > self->timeSlots - 1) { + frame->paramSlot[p] = self->timeSlots - 1; + err = MPS_PARSE_ERROR; + } + } + if (err != MPS_OK) { + goto bail; + } } bail: |