From 9edc5864fae850d6b7fe8f648bf34955bf36eae9 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 29 Jun 2018 16:32:28 +0200 Subject: Signed Integer Overflow in E_UTIL_preemph() Bug: 112661356 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: Ibc7120aba3d357bfb8d751d80d99a6e0f51473e4 --- libAACdec/src/usacdec_fac.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libAACdec/src/usacdec_fac.cpp') diff --git a/libAACdec/src/usacdec_fac.cpp b/libAACdec/src/usacdec_fac.cpp index 71ce4a9..6b595d4 100644 --- a/libAACdec/src/usacdec_fac.cpp +++ b/libAACdec/src/usacdec_fac.cpp @@ -142,7 +142,7 @@ FIXP_DBL *CLpd_FAC_GetMemory(CAacDecoderChannelInfo *pAacDecoderChannelInfo, return ptr; } -int CLpd_FAC_Read(HANDLE_FDK_BITSTREAM hBs, FIXP_DBL *pFac, UCHAR *pFacScale, +int CLpd_FAC_Read(HANDLE_FDK_BITSTREAM hBs, FIXP_DBL *pFac, SCHAR *pFacScale, int length, int use_gain, int frame) { FIXP_DBL fac_gain; int fac_gain_e = 0; -- cgit v1.2.3 From 1450575edff0ba55e5d253737bfeb7792f4386b9 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 29 Jun 2018 16:32:57 +0200 Subject: Signed Integer Overflow in CLpd_FAC_Acelp2Mdct() Bug: 112663384 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I5e41f1455ab35060c136abb7f4945fe9a545633c --- libAACdec/src/usacdec_fac.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libAACdec/src/usacdec_fac.cpp') diff --git a/libAACdec/src/usacdec_fac.cpp b/libAACdec/src/usacdec_fac.cpp index 71ce4a9..48eec47 100644 --- a/libAACdec/src/usacdec_fac.cpp +++ b/libAACdec/src/usacdec_fac.cpp @@ -538,7 +538,7 @@ INT CLpd_FAC_Acelp2Mdct(H_MDCT hMdct, FIXP_DBL *output, FIXP_DBL *_pSpec, if (total_gain != (FIXP_DBL)0) { scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[0] + scale); } else { - scaleValues(pSpec, tl, spec_scale[0] + scale); + scaleValuesSaturate(pSpec, tl, spec_scale[0] + scale); } pOut1 += fl / 2 - 1; @@ -627,7 +627,7 @@ INT CLpd_FAC_Acelp2Mdct(H_MDCT hMdct, FIXP_DBL *output, FIXP_DBL *_pSpec, if (total_gain != (FIXP_DBL)0) { scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[w] + scale); } else { - scaleValues(pSpec, tl, spec_scale[w] + scale); + scaleValuesSaturate(pSpec, tl, spec_scale[w] + scale); } if (noOutSamples <= nrSamples) { -- cgit v1.2.3 From 8166502969e261270d098146c3fcae37d92d3c50 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 29 Jun 2018 16:33:30 +0200 Subject: Prevent overflow in usac filters Bug: 112663886 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: Ie7af65a1a556afb141ea5272f70bfea11881ac30 --- libAACdec/src/usacdec_acelp.cpp | 10 +++++----- libAACdec/src/usacdec_const.h | 1 + libAACdec/src/usacdec_fac.cpp | 8 +++----- 3 files changed, 9 insertions(+), 10 deletions(-) (limited to 'libAACdec/src/usacdec_fac.cpp') diff --git a/libAACdec/src/usacdec_acelp.cpp b/libAACdec/src/usacdec_acelp.cpp index af1f488..9fecebf 100644 --- a/libAACdec/src/usacdec_acelp.cpp +++ b/libAACdec/src/usacdec_acelp.cpp @@ -579,11 +579,11 @@ void Syn_filt(const FIXP_LPC a[], /* (i) : a[m] prediction coefficients Q12 */ L_tmp = (FIXP_DBL)0; for (j = 0; j < M_LP_FILTER_ORDER; j++) { - L_tmp -= fMultDiv2(a[j], y[i - (j + 1)]); + L_tmp -= fMultDiv2(a[j], y[i - (j + 1)]) >> (LP_FILTER_SCALE - 1); } - L_tmp = scaleValue(L_tmp, a_exp + 1); - y[i] = L_tmp + x[i]; + L_tmp = scaleValue(L_tmp, a_exp + LP_FILTER_SCALE); + y[i] = fAddSaturate(L_tmp, x[i]); } return; @@ -631,10 +631,10 @@ void E_UTIL_residu(const FIXP_LPC *a, const INT a_exp, FIXP_DBL *x, FIXP_DBL *y, s = (FIXP_DBL)0; for (j = 0; j < M_LP_FILTER_ORDER; j++) { - s += fMultDiv2(a[j], x[i - j - 1]); + s += fMultDiv2(a[j], x[i - j - 1]) >> (LP_FILTER_SCALE - 1); } - s = scaleValue(s, a_exp + 1); + s = scaleValue(s, a_exp + LP_FILTER_SCALE); y[i] = fAddSaturate(s, x[i]); } diff --git a/libAACdec/src/usacdec_const.h b/libAACdec/src/usacdec_const.h index c7dbae7..f68e808 100644 --- a/libAACdec/src/usacdec_const.h +++ b/libAACdec/src/usacdec_const.h @@ -115,6 +115,7 @@ amm-info@iis.fraunhofer.de /* definitions which are independent of coreCoderFrameLength */ #define M_LP_FILTER_ORDER 16 /* LP filter order */ +#define LP_FILTER_SCALE 4 /* LP filter scale */ #define PIT_MIN_12k8 34 /* Minimum pitch lag with resolution 1/4 */ #define PIT_MAX_12k8 231 /* Maximum pitch lag for fs=12.8kHz */ diff --git a/libAACdec/src/usacdec_fac.cpp b/libAACdec/src/usacdec_fac.cpp index 71ce4a9..f349ede 100644 --- a/libAACdec/src/usacdec_fac.cpp +++ b/libAACdec/src/usacdec_fac.cpp @@ -191,13 +191,11 @@ static void Syn_filt_zero(const FIXP_LPC a[], const INT a_exp, INT length, L_tmp = (FIXP_DBL)0; for (j = 0; j < fMin(i, M_LP_FILTER_ORDER); j++) { - L_tmp -= fMultDiv2(a[j], x[i - (j + 1)]); + L_tmp -= fMultDiv2(a[j], x[i - (j + 1)]) >> (LP_FILTER_SCALE - 1); } - L_tmp = scaleValue(L_tmp, a_exp + 1); - - x[i] = scaleValueSaturate((x[i] >> 1) + (L_tmp >> 1), - 1); /* Avoid overflow issues and saturate. */ + L_tmp = scaleValue(L_tmp, a_exp + LP_FILTER_SCALE); + x[i] = fAddSaturate(x[i], L_tmp); } } -- cgit v1.2.3 From fa8a80d8901e5cba18c932da42aa659e4d6c23a2 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Wed, 15 Aug 2018 14:32:17 +0200 Subject: Signed Integer Overflows in imlt_block() Bug: 112890242 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I98fda0eea7f7223d76df31776c6723b618e5b581 --- libAACdec/src/usacdec_fac.cpp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'libAACdec/src/usacdec_fac.cpp') diff --git a/libAACdec/src/usacdec_fac.cpp b/libAACdec/src/usacdec_fac.cpp index c10a3fe..0d3d844 100644 --- a/libAACdec/src/usacdec_fac.cpp +++ b/libAACdec/src/usacdec_fac.cpp @@ -534,10 +534,12 @@ INT CLpd_FAC_Acelp2Mdct(H_MDCT hMdct, FIXP_DBL *output, FIXP_DBL *_pSpec, /* Optional scaling of time domain - no yet windowed - of current spectrum */ if (total_gain != (FIXP_DBL)0) { - scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[0] + scale); - } else { - scaleValuesSaturate(pSpec, tl, spec_scale[0] + scale); + for (i = 0; i < tl; i++) { + pSpec[i] = fMult(pSpec[i], total_gain); + } } + int loc_scale = fixmin_I(spec_scale[0] + scale, (INT)DFRACT_BITS - 1); + scaleValuesSaturate(pSpec, tl, loc_scale); pOut1 += fl / 2 - 1; pCurr = pSpec + tl - fl / 2; @@ -623,10 +625,12 @@ INT CLpd_FAC_Acelp2Mdct(H_MDCT hMdct, FIXP_DBL *output, FIXP_DBL *_pSpec, */ /* and de-scale current spectrum signal (time domain, no yet windowed) */ if (total_gain != (FIXP_DBL)0) { - scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[w] + scale); - } else { - scaleValuesSaturate(pSpec, tl, spec_scale[w] + scale); + for (i = 0; i < tl; i++) { + pSpec[i] = fMult(pSpec[i], total_gain); + } } + loc_scale = fixmin_I(spec_scale[w] + scale, (INT)DFRACT_BITS - 1); + scaleValuesSaturate(pSpec, tl, loc_scale); if (noOutSamples <= nrSamples) { /* Divert output first half to overlap buffer if we already got enough -- cgit v1.2.3