From 48a4bca8b37a2e9cd9332d602efff6fc1469adb8 Mon Sep 17 00:00:00 2001
From: Fraunhofer IIS FDK
Date: Fri, 29 Jun 2018 16:33:55 +0200
Subject: Improve error robustness in arithmetic decoder
Bug: 112663564
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I3025adbf308bf510dc5bdc1d70c58979fb182187
---
 libArithCoding/src/ac_arith_coder.cpp | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'libArithCoding')
diff --git a/libArithCoding/src/ac_arith_coder.cpp b/libArithCoding/src/ac_arith_coder.cpp
index b791f39..a433b08 100644
--- a/libArithCoding/src/ac_arith_coder.cpp
+++ b/libArithCoding/src/ac_arith_coder.cpp
@@ -609,13 +609,16 @@ static inline ULONG get_pk_v2(ULONG s) {
 return (j & 0x3F);
 }
-static void decode2(HANDLE_FDK_BITSTREAM bbuf, UCHAR *RESTRICT c_prev,
- FIXP_DBL *RESTRICT pSpectralCoefficient, INT n, INT nt) {
+static ARITH_CODING_ERROR decode2(HANDLE_FDK_BITSTREAM bbuf,
+ UCHAR *RESTRICT c_prev,
+ FIXP_DBL *RESTRICT pSpectralCoefficient,
+ INT n, INT nt) {
 Tastat as;
 int i, l, r;
 INT lev, esc_nb, pki;
 USHORT state_inc;
 UINT s;
+ ARITH_CODING_ERROR ErrorStatus = ARITH_CODER_OK;
 int c_3 = 0; /* context of current frame 3 time steps ago */
 int c_2 = 0; /* context of current frame 2 time steps ago */
@@ -655,6 +658,8 @@ static void decode2(HANDLE_FDK_BITSTREAM bbuf, UCHAR *RESTRICT c_prev,
 lev++;
+ if (lev > 23) return ARITH_CODER_ERROR;
+
 if (esc_nb < 7) {
 esc_nb++;
 }
@@ -721,6 +726,8 @@ static void decode2(HANDLE_FDK_BITSTREAM bbuf, UCHAR *RESTRICT c_prev,
 }
 FDKmemset(&c_prev[i], 1, sizeof(c_prev[0]) * (nt - i));
+
+ return ErrorStatus;
 }
 CArcoData *CArco_Create(void) { return GetArcoData(); }
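Review bot: The new local `ErrorStatus` in decode2 (hunk at -609) is set to `ARITH_CODER_OK` at its declaration and, in the hunks shown, never assigned again: the only failure path, the `lev > 23` check in the hunk at -655, returns the literal `ARITH_CODER_ERROR` directly, so the final `return ErrorStatus;` in the hunk at -721 can only yield OK. Either drop the variable and end with `return ARITH_CODER_OK;`, or route the failure through it so the function has a single exit. The changed signature also carries no comment on the new contract; a line such as `/* Returns ARITH_CODER_OK, or ARITH_CODER_ERROR when lev exceeds its limit; on error the outputs are only partially written. */` above it would tell callers what to expect. The body of decode2 continues outside this hunk, so assignments not visible here may exist.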
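Review bot: The early `return ARITH_CODER_ERROR;` on `lev > 23` (hunk at -655) leaves decode2 before the trailing `FDKmemset(&c_prev[i], 1, ...)` shown in the hunk at -721, so on a corrupt stream the tail of `c_prev` and the remaining entries of `pSpectralCoefficient` keep whatever they held. Whether the caller discards or resets that context after an error is not visible in this diff; if it does not, the next frame would be decoded against a half-updated context. The bound 23 is also unexplained: a named constant with a one-line comment stating which later use of `lev` it protects (presumably a shift or index further down, outside the hunk) would let a reader confirm the limit is right rather than off by one. The loop enclosing this check starts outside the hunk.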
@@ -763,7 +770,8 @@ ARITH_CODING_ERROR CArco_DecodeArithData(CArcoData *pArcoData,
 pArcoData->m_numberLinesPrev = lg_max;
 if (lg > 0) {
- decode2(hBs, pArcoData->c_prev + 2, mdctSpectrum, lg >> 1, lg_max >> 1);
+ ErrorStatus =
+ decode2(hBs, pArcoData->c_prev + 2, mdctSpectrum, lg >> 1, lg_max >> 1);
 } else {
 FDKmemset(&pArcoData->c_prev[2], 1, sizeof(pArcoData->c_prev[2]) * (lg_max >> 1));
-- cgit v1.2.3
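Review bot: `pArcoData->m_numberLinesPrev = lg_max;` is committed before the call to decode2, which can now fail, so after an error the state still records a valid previous frame of `lg_max` lines while `c_prev` was only partly written. Consider restoring a known context on failure, mirroring the `else` branch: `if (ErrorStatus != ARITH_CODER_OK) FDKmemset(&pArcoData->c_prev[2], 1, sizeof(pArcoData->c_prev[2]) * (lg_max >> 1));`. The hunk does not show `ErrorStatus` being returned or checked after this block; that code lies outside the hunk and should be confirmed, since a status that is assigned and then dropped would leave the new check without effect.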