From a7029823f4836a4e8564b636d43e4ebd202f3ec0 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 18 Oct 2019 14:02:38 +0200 Subject: Prevent integer overflow in sbrDecoder_calculateGainVec(). Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I359f7f976a5ad5459be7d7b786145988a175e305 --- libSBRdec/src/HFgen_preFlat.cpp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'libSBRdec') diff --git a/libSBRdec/src/HFgen_preFlat.cpp b/libSBRdec/src/HFgen_preFlat.cpp index 96adbb9..268011e 100644 --- a/libSBRdec/src/HFgen_preFlat.cpp +++ b/libSBRdec/src/HFgen_preFlat.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION 
@@ -904,23 +904,24 @@ void sbrDecoder_calculateGainVec(FIXP_DBL **sourceBufferReal, } if (maxVal != FL2FX_DBL(0.0f)) { - reserve = fixMax(0, CntLeadingZeros(maxVal) - 2); + reserve = CntLeadingZeros(maxVal) - 2; } nrg_ov = nrg = (FIXP_DBL)0; if (scale_nrg_ov > -31) { for (i = startSample; i < overlap; i++) { - nrg_ov += (fPow2Div2(sourceBufferReal[i][loBand] << reserve) + - fPow2Div2(sourceBufferImag[i][loBand] << reserve)) >> - sum_scale_ov; + nrg_ov += + (fPow2Div2(scaleValue(sourceBufferReal[i][loBand], reserve)) + + fPow2Div2(scaleValue(sourceBufferImag[i][loBand], reserve))) >> + sum_scale_ov; } } else { scale_nrg_ov = 0; } if (scale_nrg > -31) { for (i = overlap; i < stopSample; i++) { - nrg += (fPow2Div2(sourceBufferReal[i][loBand] << reserve) + - fPow2Div2(sourceBufferImag[i][loBand] << reserve)) >> + nrg += (fPow2Div2(scaleValue(sourceBufferReal[i][loBand], reserve)) + + fPow2Div2(scaleValue(sourceBufferImag[i][loBand], reserve))) >> sum_scale; } } else { -- cgit v1.2.3 From 9ba6f8b6a21cca4a4f89d0202af501fd3a67e144 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 18 Oct 2019 14:02:58 +0200 Subject: Fix signed integer overflow in calcFactorPerBand() calculation. Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I9f18f675112651be8dec5c0474601ca6531fbf15 --- libSBRdec/src/sbrdec_freq_sca.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'libSBRdec') diff --git a/libSBRdec/src/sbrdec_freq_sca.cpp b/libSBRdec/src/sbrdec_freq_sca.cpp index 165f94b..e187656 100644 --- a/libSBRdec/src/sbrdec_freq_sca.cpp +++ b/libSBRdec/src/sbrdec_freq_sca.cpp 
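Review bot: `reserve` can now be negative (presumably -1 when `maxVal` has a single leading zero), and only the two energy loops in this hunk were switched from `<< reserve` to `scaleValue(..., reserve)` to cope with that. Any later use of `reserve` in sbrDecoder_calculateGainVec(), for instance as an exponent correction or a shift count, lies outside the hunk and should be checked for the old non-negative assumption. The reason for dropping the `fixMax(0, ...)` floor is also not recorded in the code. A comment above the assignment, such as `/* may be negative: keeps headroom so the sum of both fPow2Div2() terms cannot overflow */`, would keep a later cleanup from restoring the clamp. The function body starts and ends outside the hunk.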
@@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -230,6 +230,8 @@ static UCHAR getStopBand( } } + stopMin = fMin(stopMin, 64); + /* Choose a stop band between k1 and 64 depending on stopFreq (0..13), based on a logarithmic scale. @@ -523,7 +525,8 @@ static FIXP_SGL calcFactorPerBand(int k_start, int k_stop, int num_bands) { step = FL2FXCONST_DBL(0.0f); } } - return FX_DBL2FX_SGL(bandfactor << 1); + return (bandfactor >= FL2FXCONST_DBL(0.5)) ? (FIXP_SGL)MAXVAL_SGL + : FX_DBL2FX_SGL(bandfactor << 1); } /*! -- cgit v1.2.3 From 54cd15bd807a69a7d68cbb414b8a3ea4b280748f Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 18 Oct 2019 14:05:11 +0200 Subject: Fix nrgGain_e update in equalizeFiltBufferExp(). Prevents negative shift exponents in calculateSbrEnvelope(). Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I66ad54dae0fa1d414d8b2b9a9e0b6145cce4042d --- libSBRdec/src/env_calc.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'libSBRdec') diff --git a/libSBRdec/src/env_calc.cpp b/libSBRdec/src/env_calc.cpp index c34ce96..5cfd56c 100644 --- a/libSBRdec/src/env_calc.cpp +++ b/libSBRdec/src/env_calc.cpp @@ -1831,7 +1831,8 @@ static void equalizeFiltBufferExp( diff = (int)(nrgGain_e[band] - filtBuffer_e[band]); if (diff > 0) { filtBuffer[band] >>= - diff; /* Compensate for the scale change by shifting the mantissa. */ + fMin(diff, DFRACT_BITS - 1); /* Compensate for the scale change by + shifting the mantissa. */ filtBuffer_e[band] += diff; /* New gain is bigger, use its exponent */ } else if (diff < 0) { /* The buffered gains seem to be larger, but maybe there 
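Review bot: The added `stopMin = fMin(stopMin, 64);` in getStopBand() silently clamps an out-of-range value and carries no comment saying which invariant it restores. Judging by the comment that follows ("Choose a stop band between k1 and 64"), the later computation presumably needs `stopMin <= 64`; a line such as `/* stopMin must not exceed 64, the upper limit of the stop band range used below */` would record that. If `stopMin` derives from stream header fields, which cannot be seen from here, it is worth confirming whether such a header should be rejected as invalid rather than decoded with a clamped band. The function continues outside the hunk.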
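Review bot: The new return in calcFactorPerBand() saturates only the upper side: any `bandfactor` below `FL2FXCONST_DBL(0.5)`, including a negative one, still reaches `bandfactor << 1`. Left-shifting a negative signed value is undefined before C++20, and a value below -0.5 would overflow in the same way the commit fixes for the positive side. Whether `bandfactor` can go negative is decided by the loop above, which is outside the hunk. If it cannot, a short comment such as `/* bandfactor is >= 0 here */` would make the one-sided check self-explanatory; otherwise a matching lower bound is needed.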
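Review bot: In the first equalizeFiltBufferExp() hunk the existing comment is now split across two lines behind the shift operand `fMin(diff, DFRACT_BITS - 1)`, and nothing explains why the shift is bounded while `filtBuffer_e[band] += diff` keeps the full value. Moving the comment above the statement and adding the reason would make the intent clear, e.g. `/* a shift count >= DFRACT_BITS is undefined; the exponent still takes the full diff */` (assuming DFRACT_BITS is the mantissa width). The same unexplained clamp appears in the second equalizeFiltBufferExp() hunk (`nrgGain[band] >>= fMin(diff, DFRACT_BITS - 1)`) and in the apply_inter_tes() hunk. The function body starts and ends outside the hunk.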
@@ -1851,8 +1852,8 @@ static void equalizeFiltBufferExp( filtBuffer_e[band] -= reserve; /* Compensate in the exponent: */ /* For the remaining difference, change the new gain value */ - diff = fixMin(-(reserve + diff), DFRACT_BITS - 1); - nrgGain[band] >>= diff; + diff = -(reserve + diff); + nrgGain[band] >>= fMin(diff, DFRACT_BITS - 1); nrgGain_e[band] += diff; } } -- cgit v1.2.3 From b2f2a109d3546a1f412fda3a3f41abc6bdb4f949 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Fri, 18 Oct 2019 14:05:33 +0200 Subject: Limit too large shift value in apply_inter_tes(). Bug: 131430997 Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc Change-Id: I38cc7053e671f6e20a1a9ba4f1645d1cf8be77e2 --- libSBRdec/src/env_calc.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'libSBRdec') diff --git a/libSBRdec/src/env_calc.cpp b/libSBRdec/src/env_calc.cpp index 5cfd56c..41c9e88 100644 --- a/libSBRdec/src/env_calc.cpp +++ b/libSBRdec/src/env_calc.cpp @@ -739,7 +739,8 @@ static void apply_inter_tes(FIXP_DBL **qmfReal, FIXP_DBL **qmfImag, fMin(DFRACT_BITS - 1, new_summand_sf - total_power_high_after_sf); total_power_high_after_sf = new_summand_sf; } else if (new_summand_sf < total_power_high_after_sf) { - subsample_power_high[i] >>= total_power_high_after_sf - new_summand_sf; + subsample_power_high[i] >>= + fMin(DFRACT_BITS - 1, total_power_high_after_sf - new_summand_sf); } total_power_high_after += subsample_power_high[i] >> preShift2; } -- cgit v1.2.3
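Review bot: In the second equalizeFiltBufferExp() hunk, `fMin(diff, DFRACT_BITS - 1)` bounds the shift count from above only; if `-(reserve + diff)` were ever negative, `nrgGain[band] >>= ...` would still be undefined. Whether it is always positive depends on how `reserve` is computed and on the condition guarding this branch, both outside the hunk. That should be confirmed there and, if it holds, stated next to the shift with a comment such as `/* diff is > 0 in this branch */`. Clamping the count at zero is not a substitute, because `nrgGain_e[band] += diff` would then disagree with the shift actually applied.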