mirror of https://github.com/mstorsjo/fdk-aac.git
[DO NOT MERGE] Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels(). am: 50aa5be388
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/aac/+/12088847 Change-Id: I40c07a02e1528540b24a5380cff1249ed5076193
This commit is contained in:
commit
0468e02e5b
|
@ -510,9 +510,6 @@ SBR_ERROR sbrDecoder_InitElement (
|
||||||
self->numSbrChannels -= self->pSbrElement[elementIndex]->nChannels;
|
self->numSbrChannels -= self->pSbrElement[elementIndex]->nChannels;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Save element ID for sanity checks and to have a fallback for concealment. */
|
|
||||||
self->pSbrElement[elementIndex]->elementID = elementID;
|
|
||||||
|
|
||||||
/* Determine amount of channels for this element */
|
/* Determine amount of channels for this element */
|
||||||
switch (elementID) {
|
switch (elementID) {
|
||||||
case ID_NONE:
|
case ID_NONE:
|
||||||
|
@ -540,6 +537,16 @@ SBR_ERROR sbrDecoder_InitElement (
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Sanity check to avoid memory leaks */
|
||||||
|
if (elChannels < self->pSbrElement[elementIndex]->nChannels ||
|
||||||
|
(self->numSbrChannels + elChannels) > (8) + (1)) {
|
||||||
|
self->numSbrChannels += self->pSbrElement[elementIndex]->nChannels;
|
||||||
|
sbrError = SBRDEC_PARSE_ERROR;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Save element ID for sanity checks and to have a fallback for concealment. */
|
||||||
|
self->pSbrElement[elementIndex]->elementID = elementID;
|
||||||
self->pSbrElement[elementIndex]->nChannels = elChannels;
|
self->pSbrElement[elementIndex]->nChannels = elChannels;
|
||||||
|
|
||||||
for (ch=0; ch<elChannels; ch++)
|
for (ch=0; ch<elChannels; ch++)
|
||||||
|
|
Loading…
Reference in New Issue