From 44ac411683e7cfbfdb1f58e02d54377d709c8dd4 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Wed, 9 May 2018 13:32:45 +0200 Subject: FDK patches: fix overflows in decoder out-of-band config Bug: 71430241 Bug: 79220129 Test: cts-tradefed run commandAndExit cts-dev -m CtsMediaTestCases -t android.media.cts.DecoderTestXheAac cts-tradefed run commandAndExit cts-dev -m CtsMediaTestCases -t android.media.cts.DecoderTestAacDrc Unsigned Integer Overflows in CDataStreamElement_Read() Change-Id: Ic2f5b3ae111bf984d4d0db664823798957b0a979 Unsigned Integer Overflow in CProgramConfig_ReadHeightExt() Change-Id: Iaebc458bb59504203e604a28ed6d5cecaa875c42 Unsigned Integer Overflow in transportDec_OutOfBandConfig() Change-Id: I24a4b32d736f28c55147f0e2ca06fe5537da19c2 Unsigned Integer Overflows in CDKcrcEndReg() & crcCalc() Change-Id: I6ebbe541a4d3b6bacbd5ace17264972951de7ca8 Unsigned Integer Overflows in ReadPsData() Change-Id: Id36576fe545236860a06f17971494ecd4484c494 Unsigned Integer Overflow in SpatialDecParseSpecificConfig() Change-Id: Ib468f129a951c69776b88468407f008ab4cfd2c7 Unsigned Integer Overflows in _readUniDrcConfigExtension() & _readLoudnessInfoSetExtension() Change-Id: Ibcf7c6a23af49239206ea9301c58adac36e3ceba --- libFDK/include/FDK_crc.h | 4 ++-- libFDK/src/FDK_crc.cpp | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'libFDK') diff --git a/libFDK/include/FDK_crc.h b/libFDK/include/FDK_crc.h index 17439ab..6c7040c 100644 --- a/libFDK/include/FDK_crc.h +++ b/libFDK/include/FDK_crc.h @@ -115,8 +115,8 @@ amm-info@iis.fraunhofer.de typedef struct { UCHAR isActive; INT maxBits; - UINT bitBufCntBits; - UINT validBits; + INT bitBufCntBits; + INT validBits; } CCrcRegData; diff --git a/libFDK/src/FDK_crc.cpp b/libFDK/src/FDK_crc.cpp index 39f87d3..e208338 100644 --- a/libFDK/src/FDK_crc.cpp +++ b/libFDK/src/FDK_crc.cpp @@ -281,7 +281,7 @@ INT FDKcrcStartReg(HANDLE_FDK_CRCINFO hCrcInfo, const HANDLE_FDK_BITSTREAM hBs, FDK_ASSERT(hCrcInfo->crcRegData[reg].isActive == 0); hCrcInfo->crcRegData[reg].isActive = 1; hCrcInfo->crcRegData[reg].maxBits = mBits; - hCrcInfo->crcRegData[reg].validBits = FDKgetValidBits(hBs); + hCrcInfo->crcRegData[reg].validBits = (INT)FDKgetValidBits(hBs); hCrcInfo->crcRegData[reg].bitBufCntBits = 0; hCrcInfo->regStart = (hCrcInfo->regStart + 1) % MAX_CRC_REGS; @@ -296,10 +296,10 @@ INT FDKcrcEndReg(HANDLE_FDK_CRCINFO hCrcInfo, const HANDLE_FDK_BITSTREAM hBs, if (hBs->ConfigCache == BS_WRITER) { hCrcInfo->crcRegData[reg].bitBufCntBits = - FDKgetValidBits(hBs) - hCrcInfo->crcRegData[reg].validBits; + (INT)FDKgetValidBits(hBs) - hCrcInfo->crcRegData[reg].validBits; } else { hCrcInfo->crcRegData[reg].bitBufCntBits = - hCrcInfo->crcRegData[reg].validBits - FDKgetValidBits(hBs); + hCrcInfo->crcRegData[reg].validBits - (INT)FDKgetValidBits(hBs); } if (hCrcInfo->crcRegData[reg].maxBits == 0) { @@ -432,7 +432,7 @@ static void crcCalc(HANDLE_FDK_CRCINFO hCrcInfo, HANDLE_FDK_BITSTREAM hBs, if (hBs->ConfigCache == BS_READER) { bsReader = *hBs; FDKpushBiDirectional(&bsReader, - -(INT)(rD->validBits - FDKgetValidBits(&bsReader))); + -(rD->validBits - (INT)FDKgetValidBits(&bsReader))); } else { FDKinitBitStream(&bsReader, hBs->hBitBuf.Buffer, hBs->hBitBuf.bufSize, hBs->hBitBuf.ValidBits, BS_READER); @@ -441,7 +441,7 @@ static void crcCalc(HANDLE_FDK_CRCINFO hCrcInfo, HANDLE_FDK_BITSTREAM hBs, int bits, rBits; rBits = (rD->maxBits >= 0) ? rD->maxBits : -rD->maxBits; /* ramaining bits */ - if ((rD->maxBits > 0) && (((INT)rD->bitBufCntBits >> 3 << 3) < rBits)) { + if ((rD->maxBits > 0) && ((rD->bitBufCntBits >> 3 << 3) < rBits)) { bits = rD->bitBufCntBits; } else { bits = rBits; -- cgit v1.2.3