From bedfd82356dafa1f51f360af29f302a672d6866c Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 9 Aug 2019 17:09:00 +0200 Subject: Fix shift value assignment in addHighBandPart(). Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I69457c1b551e33e3ee9ef39b457b0f83de2e370e --- libSBRdec/src/hbe.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libSBRdec/src/hbe.cpp b/libSBRdec/src/hbe.cpp index 1141e9c..2284c42 100644 --- a/libSBRdec/src/hbe.cpp +++ b/libSBRdec/src/hbe.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -1339,7 +1339,7 @@ static void addHighBandPart(FIXP_DBL g_r_m, FIXP_DBL g_i_m, INT g_e, g_r_m = fMultDiv2(tmp_r, factor_m) << shift; g_i_m = fMultDiv2(tmp_i, factor_m) << shift; g_e = scale_factor_hbe - (g_e + factor_e + gammaCenter_e + add); - fMax((INT)0, g_e); + g_e = fMax((INT)0, g_e); *qmfHBEBufReal_F += g_r_m >> g_e; *qmfHBEBufImag_F += g_i_m >> g_e; } -- cgit v1.2.3 From a65911cd2ef6a16878e88cd91818ef962950ceec Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 9 Aug 2019 17:09:18 +0200 Subject: Limit shift exponent in adjustTimeSlot_EldGrid(). Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I4000972d63d74e871d47f2db031308cd7ea285d6 --- libSBRdec/src/env_calc.cpp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libSBRdec/src/env_calc.cpp b/libSBRdec/src/env_calc.cpp index 1242833..eaf739d 100644 --- a/libSBRdec/src/env_calc.cpp +++ b/libSBRdec/src/env_calc.cpp @@ -1576,12 +1576,13 @@ void calculateSbrEnvelope( FDK_ASSERT(!iTES_enable); /* not supported */ if (flags & SBRDEC_ELD_GRID) { /* FDKmemset(analysBufferReal[j], 0, 64 * sizeof(FIXP_DBL)); */ - adjustTimeSlot_EldGrid(&analysBufferReal[j][lowSubband], pNrgs, - &h_sbr_cal_env->harmIndex, lowSubband, - noSubbands, - fMin(scale_change, DFRACT_BITS - 1), - noNoiseFlag, &h_sbr_cal_env->phaseIndex, - EXP2SCALE(adj_e) - sbrScaleFactor->lb_scale); + adjustTimeSlot_EldGrid( + &analysBufferReal[j][lowSubband], pNrgs, + &h_sbr_cal_env->harmIndex, lowSubband, noSubbands, + fMin(scale_change, DFRACT_BITS - 1), noNoiseFlag, + &h_sbr_cal_env->phaseIndex, + fMax(EXP2SCALE(adj_e) - sbrScaleFactor->lb_scale, + -(DFRACT_BITS - 1))); } else { adjustTimeSlotLC(&analysBufferReal[j][lowSubband], pNrgs, &h_sbr_cal_env->harmIndex, lowSubband, noSubbands, -- cgit v1.2.3 From 6f98eab35095f5fd7bcfb9df585ff0b0c6f1460d Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 9 Aug 2019 17:09:36 +0200 Subject: Saturate shift value in calculateSbrEnvelope(). Prevents too large shift values. Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I3331ac9bc267cd3fa4c1178bc445998869f0d99b --- libSBRdec/src/env_calc.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libSBRdec/src/env_calc.cpp b/libSBRdec/src/env_calc.cpp index eaf739d..c34ce96 100644 --- a/libSBRdec/src/env_calc.cpp +++ b/libSBRdec/src/env_calc.cpp @@ -1477,7 +1477,7 @@ void calculateSbrEnvelope( for (k = 0; k < noSubbands; k++) { int sc = scale_change - pNrgs->nrgGain_e[k] + (sc_change - 1); - pNrgs->nrgGain[k] >>= sc; + pNrgs->nrgGain[k] >>= fixMin(sc, DFRACT_BITS - 1); pNrgs->nrgGain_e[k] += sc; } @@ -1485,7 +1485,7 @@ void calculateSbrEnvelope( for (k = 0; k < noSubbands; k++) { int sc = scale_change - h_sbr_cal_env->filtBuffer_e[k] + (sc_change - 1); - h_sbr_cal_env->filtBuffer[k] >>= sc; + h_sbr_cal_env->filtBuffer[k] >>= fixMin(sc, DFRACT_BITS - 1); } } -- cgit v1.2.3 From 15965e3feb9025e1db65a7c9a7408b3970430cb8 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 9 Aug 2019 17:10:07 +0200 Subject: Limit too large shift exponent in CJointStereo_ApplyMS() Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: Ia6ab654654e899368ba207a66eddf22b6b855635 --- libAACdec/src/stereo.cpp | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/libAACdec/src/stereo.cpp b/libAACdec/src/stereo.cpp index eed826b..a90ae35 100644 --- a/libAACdec/src/stereo.cpp +++ b/libAACdec/src/stereo.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -807,19 +807,17 @@ void CJointStereo_ApplyMS( for (int i = 0; i < windowLen; i++) { dmx_re_prev[i] = ((staticSpectralCoeffsL[index_offset + i] >> - srLeftChan) + + fMin(DFRACT_BITS - 1, srLeftChan + 1)) + (staticSpectralCoeffsR[index_offset + i] >> - srRightChan)) >> - 1; + fMin(DFRACT_BITS - 1, srRightChan + 1))); } } else { for (int i = 0; i < windowLen; i++) { dmx_re_prev[i] = ((staticSpectralCoeffsL[index_offset + i] >> - srLeftChan) - + fMin(DFRACT_BITS - 1, srLeftChan + 1)) - (staticSpectralCoeffsR[index_offset + i] >> - srRightChan)) >> - 1; + fMin(DFRACT_BITS - 1, srRightChan + 1))); } } } @@ -854,12 +852,13 @@ void CJointStereo_ApplyMS( if (window == 0) { if (dmx_re_prev_e < frameMaxScale) { if (mainband_flag == 0) { - scaleValues(dmx_re_prev, store_dmx_re_prev, windowLen, - -(frameMaxScale - dmx_re_prev_e)); + scaleValues( + dmx_re_prev, store_dmx_re_prev, windowLen, + -fMin(DFRACT_BITS - 1, (frameMaxScale - dmx_re_prev_e))); } else { - for (int i = 0; i < windowLen; i++) { - dmx_re_prev[i] >>= (frameMaxScale - dmx_re_prev_e); - } + scaleValues( + dmx_re_prev, windowLen, + -fMin(DFRACT_BITS - 1, (frameMaxScale - dmx_re_prev_e))); } } else { if (mainband_flag == 0) { @@ -873,10 +872,9 @@ void CJointStereo_ApplyMS( FDK_ASSERT(pAacDecoderChannelInfo[L]->icsInfo.WindowSequence == BLOCK_SHORT); if (specScaleL[window - 1] < frameMaxScale) { - for (int i = 0; i < windowLen; i++) { - dmx_re[windowLen * (window - 1) + i] >>= - (frameMaxScale - specScaleL[window - 1]); - } + scaleValues(&dmx_re[windowLen * (window - 1)], windowLen, + -fMin(DFRACT_BITS - 1, + (frameMaxScale - specScaleL[window - 1]))); } else { specScaleL[window] = specScaleL[window - 1]; specScaleR[window] = specScaleR[window - 1]; -- cgit v1.2.3 From da5b0dcb3c01197b3499e0b569babcb0f5a09bbe Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 9 Aug 2019 17:10:29 +0200 Subject: Restrict size of huffman escape sequence to prevent shift with too large exponent in DecodeEscapeSequence(). Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: Ibcd182e313e9ef480e92619023bf424762b92e23 --- libAACdec/src/aacdec_hcr.cpp | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/libAACdec/src/aacdec_hcr.cpp b/libAACdec/src/aacdec_hcr.cpp index 6114756..a7e9cce 100644 --- a/libAACdec/src/aacdec_hcr.cpp +++ b/libAACdec/src/aacdec_hcr.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -137,7 +137,7 @@ static void DeriveNumberOfExtendedSortedSectionsInSets( static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, INT quantSpecCoef, INT *pLeftStartOfSegment, SCHAR *pRemainingBitsInSegment, - int *pNumDecodedBits); + int *pNumDecodedBits, UINT *errorWord); static int DecodePCW_Sign(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, UINT codebookDim, const SCHAR *pQuantVal, @@ -1179,8 +1179,8 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { bs, pHcr->decInOut.bitstreamAnchor, pQuantizedSpectralCoefficients [quantizedSpectralCoefficientsIdx], - pLeftStartOfSegment, pRemainingBitsInSegment, - &numDecodedBits); + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits, + &pHcr->decInOut.errorLog); } quantizedSpectralCoefficientsIdx++; if (quantizedSpectralCoefficientsIdx >= 1024) { @@ -1195,8 +1195,8 @@ static void DecodePCWs(HANDLE_FDK_BITSTREAM bs, H_HCR_INFO pHcr) { bs, pHcr->decInOut.bitstreamAnchor, pQuantizedSpectralCoefficients [quantizedSpectralCoefficientsIdx], - pLeftStartOfSegment, pRemainingBitsInSegment, - &numDecodedBits); + pLeftStartOfSegment, pRemainingBitsInSegment, &numDecodedBits, + &pHcr->decInOut.errorLog); } quantizedSpectralCoefficientsIdx++; if (quantizedSpectralCoefficientsIdx >= 1024) { @@ -1386,7 +1386,7 @@ value == 16, a escapeSequence is decoded in two steps: static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, INT quantSpecCoef, INT *pLeftStartOfSegment, SCHAR *pRemainingBitsInSegment, - int *pNumDecodedBits) { + int *pNumDecodedBits, UINT *errorWord) { UINT i; INT sign; UINT escapeOnesCounter = 0; @@ -1400,6 +1400,9 @@ static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, FROM_LEFT_TO_RIGHT); *pRemainingBitsInSegment -= 1; *pNumDecodedBits += 1; + if (*pRemainingBitsInSegment < 0) { + return Q_VALUE_INVALID; + } if (carryBit != 0) { escapeOnesCounter += 1; @@ -1416,6 +1419,9 @@ static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, FROM_LEFT_TO_RIGHT); *pRemainingBitsInSegment -= 1; *pNumDecodedBits += 1; + if (*pRemainingBitsInSegment < 0) { + return Q_VALUE_INVALID; + } escape_word <<= 1; escape_word = escape_word | carryBit; @@ -1423,8 +1429,12 @@ static INT DecodeEscapeSequence(HANDLE_FDK_BITSTREAM bs, const INT bsAnchor, sign = (quantSpecCoef >= 0) ? 1 : -1; - quantSpecCoef = sign * (((INT)1 << escapeOnesCounter) + escape_word); - + if (escapeOnesCounter < 13) { + quantSpecCoef = sign * (((INT)1 << escapeOnesCounter) + escape_word); + } else { + *errorWord |= TOO_MANY_PCW_BODY_SIGN_ESC_BITS_DECODED; + quantSpecCoef = Q_VALUE_INVALID; + } return quantSpecCoef; } -- cgit v1.2.3