From 7104c00b44a4c447bde18d03c8f2e9590706e339 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 29 Oct 2019 13:10:37 +0100 Subject: Move array definition out of for loop in MPEG-D DRC _skipEqInstructions(). Bug: 145669488 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: Icb71fb1cb8e0b64ae969276d08746f687a753467 --- libDRCdec/src/drcDec_reader.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libDRCdec/src/drcDec_reader.cpp') diff --git a/libDRCdec/src/drcDec_reader.cpp b/libDRCdec/src/drcDec_reader.cpp index a784457..9e37246 100644 --- a/libDRCdec/src/drcDec_reader.cpp +++ b/libDRCdec/src/drcDec_reader.cpp @@ -1018,6 +1018,7 @@ static DRC_ERROR _skipEqInstructions(HANDLE_FDK_BITSTREAM hBs, int additionalDrcSetIdPresent, additionalDrcSetIdCount; int dependsOnEqSetPresent, eqChannelGroupCount, tdFilterCascadePresent, subbandGainsPresent, eqTransitionDurationPresent; + UCHAR eqChannelGroupForChannel[8]; FDKpushFor(hBs, 6); /* eqSetId */ FDKpushFor(hBs, 4); /* eqSetComplexityLevel */ @@ -1067,7 +1068,6 @@ static DRC_ERROR _skipEqInstructions(HANDLE_FDK_BITSTREAM hBs, eqChannelGroupCount = 0; for (c = 0; c < channelCount; c++) { - UCHAR eqChannelGroupForChannel[8]; int newGroup = 1; if (c >= 8) return DE_MEMORY_ERROR; eqChannelGroupForChannel[c] = FDKreadBits(hBs, 7); -- cgit v1.2.3 From 3ce7751a440cafe41ff2eefb105b03096fbe122c Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Thu, 20 Dec 2018 15:52:47 +0100 Subject: Perform sanity check on DRC sets and improve the selection process Bug: 137282770 Bug: 141883493 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: Ie8e17c82653cb0d9adcdb10ec3f4875b6207ac6f --- libDRCdec/src/FDK_drcDecLib.cpp | 12 +++++- libDRCdec/src/drcDec_gainDecoder.cpp | 8 ++-- libDRCdec/src/drcDec_reader.cpp | 23 ++++++----- libDRCdec/src/drcDec_selectionProcess.cpp | 64 +++++++++++++++++++++++++++---- libDRCdec/src/drcDec_types.h | 3 ++ 5 files changed, 88 insertions(+), 22 deletions(-) (limited to 'libDRCdec/src/drcDec_reader.cpp') diff --git a/libDRCdec/src/FDK_drcDecLib.cpp b/libDRCdec/src/FDK_drcDecLib.cpp index 4f8ebc7..e43279f 100644 --- a/libDRCdec/src/FDK_drcDecLib.cpp +++ b/libDRCdec/src/FDK_drcDecLib.cpp @@ -145,6 +145,10 @@ struct s_drc_decoder { SEL_PROC_OUTPUT selProcOutput; } DRC_DECODER; +static int _getGainStatus(HANDLE_UNI_DRC_GAIN hUniDrcGain) { + return hUniDrcGain->status; +} + static int isResetNeeded(HANDLE_DRC_DECODER hDrcDec, const SEL_PROC_OUTPUT oldSelProcOutput) { int i, resetNeeded = 0; @@ -729,7 +733,9 @@ FDK_drcDec_ReadUniDrcGain(HANDLE_DRC_DECODER hDrcDec, &(hDrcDec->uniDrcGain)); if (dErr) return DRC_DEC_NOT_OK; - hDrcDec->status = DRC_DEC_NEW_GAIN_PAYLOAD; + if (_getGainStatus(&(hDrcDec->uniDrcGain))) { + hDrcDec->status = DRC_DEC_NEW_GAIN_PAYLOAD; + } return DRC_DEC_OK; } @@ -751,7 +757,9 @@ FDK_drcDec_ReadUniDrc(HANDLE_DRC_DECODER hDrcDec, startSelectionProcess(hDrcDec); if (dErr) return DRC_DEC_NOT_OK; - hDrcDec->status = DRC_DEC_NEW_GAIN_PAYLOAD; + if (_getGainStatus(&(hDrcDec->uniDrcGain))) { + hDrcDec->status = DRC_DEC_NEW_GAIN_PAYLOAD; + } return DRC_DEC_OK; } diff --git a/libDRCdec/src/drcDec_gainDecoder.cpp b/libDRCdec/src/drcDec_gainDecoder.cpp index 9d91267..de54dde 100644 --- a/libDRCdec/src/drcDec_gainDecoder.cpp +++ b/libDRCdec/src/drcDec_gainDecoder.cpp @@ -297,9 +297,11 @@ drcDec_GainDecoder_Conceal(HANDLE_DRC_GAIN_DECODER hGainDec, int seq, gainSequenceCount; DRC_COEFFICIENTS_UNI_DRC* pCoef = selectDrcCoefficients(hUniDrcConfig, LOCATION_SELECTED); - if (pCoef == NULL) return DE_OK; - - gainSequenceCount = fMin(pCoef->gainSequenceCount, (UCHAR)12); + if (pCoef && pCoef->gainSequenceCount) { + gainSequenceCount = fMin(pCoef->gainSequenceCount, (UCHAR)12); + } else { + gainSequenceCount = 1; + } for (seq = 0; seq < gainSequenceCount; seq++) { int lastNodeIndex = 0; diff --git a/libDRCdec/src/drcDec_reader.cpp b/libDRCdec/src/drcDec_reader.cpp index 9e37246..367a352 100644 --- a/libDRCdec/src/drcDec_reader.cpp +++ b/libDRCdec/src/drcDec_reader.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -199,11 +199,8 @@ drcDec_readUniDrc(HANDLE_FDK_BITSTREAM hBs, HANDLE_UNI_DRC_CONFIG hUniDrcConfig, } } - if (hUniDrcGain != NULL) { - err = drcDec_readUniDrcGain(hBs, hUniDrcConfig, frameSize, deltaTminDefault, - hUniDrcGain); - if (err) return err; - } + err = drcDec_readUniDrcGain(hBs, hUniDrcConfig, frameSize, deltaTminDefault, + hUniDrcGain); return err; } @@ -487,10 +484,13 @@ drcDec_readUniDrcGain(HANDLE_FDK_BITSTREAM hBs, int seq, gainSequenceCount; DRC_COEFFICIENTS_UNI_DRC* pCoef = selectDrcCoefficients(hUniDrcConfig, LOCATION_SELECTED); - if (pCoef == NULL) return DE_OK; - if (hUniDrcGain == NULL) return DE_OK; /* hUniDrcGain not initialized yet */ - - gainSequenceCount = fMin(pCoef->gainSequenceCount, (UCHAR)12); + if (hUniDrcGain == NULL) return DE_NOT_OK; + hUniDrcGain->status = 0; + if (pCoef) { + gainSequenceCount = fMin(pCoef->gainSequenceCount, (UCHAR)12); + } else { + gainSequenceCount = 0; + } for (seq = 0; seq < gainSequenceCount; seq++) { UCHAR index = pCoef->gainSetIndexForGainSequence[seq]; @@ -518,6 +518,9 @@ drcDec_readUniDrcGain(HANDLE_FDK_BITSTREAM hBs, if (err) return err; } + if (err == DE_OK && gainSequenceCount > 0) { + hUniDrcGain->status = 1; + } return err; } diff --git a/libDRCdec/src/drcDec_selectionProcess.cpp b/libDRCdec/src/drcDec_selectionProcess.cpp index c33bf74..d806ae9 100644 --- a/libDRCdec/src/drcDec_selectionProcess.cpp +++ b/libDRCdec/src/drcDec_selectionProcess.cpp @@ -956,17 +956,31 @@ static DRCDEC_SELECTION_PROCESS_RETURN _preSelectionRequirement4( return DRCDEC_SELECTION_PROCESS_NO_ERROR; } -/* #5: The number of DRC bands is supported. */ +/* #5: The number of DRC bands is supported. Moreover, gainSetIndex and + * gainSequenceIndex are within the allowed range. */ static DRCDEC_SELECTION_PROCESS_RETURN _preSelectionRequirement5( DRC_INSTRUCTIONS_UNI_DRC* pDrcInstructionUniDrc, DRC_COEFFICIENTS_UNI_DRC* pCoef, int* pMatchFound) { - int i; + int b, i; *pMatchFound = 1; + if (pDrcInstructionUniDrc->drcSetId < 0) /* virtual DRC sets are okay */ + { + return DRCDEC_SELECTION_PROCESS_NO_ERROR; + } + if (pCoef == NULL) /* check for parametricDRC */ { - *pMatchFound = 1; + *pMatchFound = 0; /* parametricDRC not supported */ + return DRCDEC_SELECTION_PROCESS_NO_ERROR; + } + + if (pCoef->drcLocation != + pDrcInstructionUniDrc + ->drcLocation) /* drcLocation must be LOCATION_SELECTED */ + { + *pMatchFound = 0; return DRCDEC_SELECTION_PROCESS_NO_ERROR; } @@ -974,10 +988,14 @@ static DRCDEC_SELECTION_PROCESS_RETURN _preSelectionRequirement5( int indexDrcCoeff = pDrcInstructionUniDrc->gainSetIndexForChannelGroup[i]; int bandCount = 0; + if (indexDrcCoeff >= 12) { + *pMatchFound = 0; + return DRCDEC_SELECTION_PROCESS_NO_ERROR; + } + if (indexDrcCoeff > pCoef->gainSetCount - 1) /* check for parametricDRC */ { - *pMatchFound = 1; - return DRCDEC_SELECTION_PROCESS_NO_ERROR; + continue; } GAIN_SET* gainSet = &(pCoef->gainSet[indexDrcCoeff]); @@ -986,6 +1004,14 @@ static DRCDEC_SELECTION_PROCESS_RETURN _preSelectionRequirement5( if (bandCount > 4) { *pMatchFound = 0; } + + for (b = 0; b < bandCount; b++) { + if ((gainSet->gainSequenceIndex[b] >= 12) || + (gainSet->gainSequenceIndex[b] >= pCoef->gainSequenceCount)) { + *pMatchFound = 0; + return DRCDEC_SELECTION_PROCESS_NO_ERROR; + } + } } return DRCDEC_SELECTION_PROCESS_NO_ERROR; @@ -1078,6 +1104,19 @@ static int _targetLoudnessInRange( return retVal; } +static int _drcSetIsUsable(HANDLE_UNI_DRC_CONFIG hUniDrcConfig, + DRC_INSTRUCTIONS_UNI_DRC* pInst) { + int usable = 0; + DRC_COEFFICIENTS_UNI_DRC* pCoef = + selectDrcCoefficients(hUniDrcConfig, LOCATION_SELECTED); + + /* check if ID is unique */ + if (selectDrcInstructions(hUniDrcConfig, pInst->drcSetId) != pInst) return 0; + /* sanity check on drcInstructions */ + _preSelectionRequirement5(pInst, pCoef, &usable); + return usable; +} + /* #8: The range of the target loudness specified for a DRC set has to include * the requested decoder target loudness. */ static DRCDEC_SELECTION_PROCESS_RETURN _preSelectionRequirement8( @@ -2051,8 +2090,11 @@ static DRCDEC_SELECTION_PROCESS_RETURN _generateOutputInfo( int dependsOnDrcSetID = pSelectionData->pInst->dependsOnDrcSet; for (i = 0; i < hUniDrcConfig->drcInstructionsCountInclVirtual; i++) { - if (hUniDrcConfig->drcInstructionsUniDrc[i].drcSetId == - dependsOnDrcSetID) { + DRC_INSTRUCTIONS_UNI_DRC* pInst = + &(hUniDrcConfig->drcInstructionsUniDrc[i]); + if (!_drcSetIsUsable(hUniDrcConfig, pInst)) continue; + + if (pInst->drcSetId == dependsOnDrcSetID) { hSelProcOutput->selectedDrcSetIds[hSelProcOutput->numSelectedDrcSets] = hUniDrcConfig->drcInstructionsUniDrc[i].drcSetId; hSelProcOutput->selectedDownmixIds[hSelProcOutput->numSelectedDrcSets] = @@ -2071,6 +2113,7 @@ static DRCDEC_SELECTION_PROCESS_RETURN _generateOutputInfo( for (i = 0; i < hUniDrcConfig->drcInstructionsUniDrcCount; i++) { DRC_INSTRUCTIONS_UNI_DRC* pInst = &(hUniDrcConfig->drcInstructionsUniDrc[i]); + if (!_drcSetIsUsable(hUniDrcConfig, pInst)) continue; if (pInst->drcSetEffect & EB_FADE) { if (pInst->downmixId[0] == DOWNMIX_ID_ANY_DOWNMIX) { @@ -2098,6 +2141,7 @@ static DRCDEC_SELECTION_PROCESS_RETURN _generateOutputInfo( for (i = 0; i < hUniDrcConfig->drcInstructionsUniDrcCount; i++) { DRC_INSTRUCTIONS_UNI_DRC* pInst = &(hUniDrcConfig->drcInstructionsUniDrc[i]); + if (!_drcSetIsUsable(hUniDrcConfig, pInst)) continue; if (pInst->drcSetEffect & (EB_DUCK_OTHER | EB_DUCK_SELF)) { for (j = 0; j < pInst->downmixIdCount; j++) { @@ -2124,6 +2168,7 @@ static DRCDEC_SELECTION_PROCESS_RETURN _generateOutputInfo( for (i = 0; i < hUniDrcConfig->drcInstructionsUniDrcCount; i++) { DRC_INSTRUCTIONS_UNI_DRC* pInst = &(hUniDrcConfig->drcInstructionsUniDrc[i]); + if (!_drcSetIsUsable(hUniDrcConfig, pInst)) continue; if (pInst->drcSetEffect & (EB_DUCK_OTHER | EB_DUCK_SELF)) { for (j = 0; j < pInst->downmixIdCount; j++) { @@ -2231,6 +2276,11 @@ static DRCDEC_SELECTION_PROCESS_RETURN _drcSetPreSelection( for (j = 0; j < hUniDrcConfig->drcInstructionsCountInclVirtual; j++) { DRC_INSTRUCTIONS_UNI_DRC* pDrcInstruction = &(hUniDrcConfig->drcInstructionsUniDrc[j]); + /* check if ID is unique */ + if (selectDrcInstructions(hUniDrcConfig, pDrcInstruction->drcSetId) != + pDrcInstruction) + continue; + retVal = _drcSetPreSelectionSingleInstruction( hSelProcInput, i, hUniDrcConfig, hLoudnessInfoSet, pDrcInstruction, *ppCandidatesPotential, *ppCandidatesSelected, codecMode); diff --git a/libDRCdec/src/drcDec_types.h b/libDRCdec/src/drcDec_types.h index 6b99018..b0d89c1 100644 --- a/libDRCdec/src/drcDec_types.h +++ b/libDRCdec/src/drcDec_types.h @@ -130,6 +130,9 @@ typedef struct { UCHAR uniDrcGainExtPresent; UNI_DRC_GAIN_EXTENSION uniDrcGainExtension; + + /* derived data */ + UCHAR status; } UNI_DRC_GAIN, *HANDLE_UNI_DRC_GAIN; /****************/ -- cgit v1.2.3 From 2b3e9ddc814b6cff20e296212f8ffbbb277f1df8 Mon Sep 17 00:00:00 2001 From: Martin Storsjo Date: Tue, 17 Nov 2020 12:54:43 +0200 Subject: Revert "Don't use an enum for a value read directly from the bitstream" This reverts commit 28fcbe9faed794a9d74aef529beb83386da1f4aa. This local fix doesn't seem to be needed any more after the latest upstream update. --- libDRCdec/src/drcDec_reader.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libDRCdec/src/drcDec_reader.cpp') diff --git a/libDRCdec/src/drcDec_reader.cpp b/libDRCdec/src/drcDec_reader.cpp index ca35345..367a352 100644 --- a/libDRCdec/src/drcDec_reader.cpp +++ b/libDRCdec/src/drcDec_reader.cpp @@ -914,7 +914,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) { firFilterOrder; int uniqueEqSubbandGainsCount, eqSubbandGainRepresentation, eqSubbandGainCount; - int eqSubbandGainFormat; + EQ_SUBBAND_GAIN_FORMAT eqSubbandGainFormat; eqDelayMaxPresent = FDKreadBits(hBs, 1); if (eqDelayMaxPresent) { @@ -955,7 +955,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) { uniqueEqSubbandGainsCount = FDKreadBits(hBs, 6); if (uniqueEqSubbandGainsCount > 0) { eqSubbandGainRepresentation = FDKreadBits(hBs, 1); - eqSubbandGainFormat = FDKreadBits(hBs, 4); + eqSubbandGainFormat = (EQ_SUBBAND_GAIN_FORMAT)FDKreadBits(hBs, 4); switch (eqSubbandGainFormat) { case GF_QMF32: eqSubbandGainCount = 32; -- cgit v1.2.3 From 2e64f76d2e246cd01cf87c12c06b300571ea3d3b Mon Sep 17 00:00:00 2001 From: Martin Storsjo Date: Mon, 30 Nov 2020 12:55:07 +0200 Subject: Don't use an enum for a value read directly from the bitstream The enum doesn't cover all possible values read from the bitstream. This fixes undefined behaviour sanitizer errors. Fixes: 27624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-6049277318791168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg --- libDRCdec/src/drcDec_reader.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libDRCdec/src/drcDec_reader.cpp') diff --git a/libDRCdec/src/drcDec_reader.cpp b/libDRCdec/src/drcDec_reader.cpp index 367a352..ca35345 100644 --- a/libDRCdec/src/drcDec_reader.cpp +++ b/libDRCdec/src/drcDec_reader.cpp @@ -914,7 +914,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) { firFilterOrder; int uniqueEqSubbandGainsCount, eqSubbandGainRepresentation, eqSubbandGainCount; - EQ_SUBBAND_GAIN_FORMAT eqSubbandGainFormat; + int eqSubbandGainFormat; eqDelayMaxPresent = FDKreadBits(hBs, 1); if (eqDelayMaxPresent) { @@ -955,7 +955,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) { uniqueEqSubbandGainsCount = FDKreadBits(hBs, 6); if (uniqueEqSubbandGainsCount > 0) { eqSubbandGainRepresentation = FDKreadBits(hBs, 1); - eqSubbandGainFormat = (EQ_SUBBAND_GAIN_FORMAT)FDKreadBits(hBs, 4); + eqSubbandGainFormat = FDKreadBits(hBs, 4); switch (eqSubbandGainFormat) { case GF_QMF32: eqSubbandGainCount = 32; -- cgit v1.2.3