mirror of https://github.com/mstorsjo/fdk-aac.git
Prevent out of bounds accesses in lppTransposer() and lppTransposerHBE()
Bug: 112160868 Test: see poc in bug Change-Id: I6a2161865d9cb9b51dc37c09d6e3a4a8e5d11f86
This commit is contained in:
Fraunhofer IIS FDK
Jean-Michel Trivi
parent
42f714f2ab
commit
4dad829df0
|
|
@ -27,6 +27,9 @@ cc_library_static {
|
|||
misc_undefined:["unsigned-integer-overflow", "signed-integer-overflow"],
|
||||
cfi: true,
|
||||
},
|
||||
shared_libs: [
|
||||
"liblog",
|
||||
],
|
||||
export_include_dirs: [
|
||||
"libAACdec/include",
|
||||
"libAACenc/include",
|
||||
|
|
|
|||
|
|
@ -118,6 +118,10 @@ amm-info@iis.fraunhofer.de
|
|||
\sa lppTransposer(), main_audio.cpp, sbr_scale.h, \ref documentationOverview
|
||||
*/
|
||||
|
||||
#ifdef __ANDROID__
|
||||
#include "log/log.h"
|
||||
#endif
|
||||
|
||||
#include "lpp_tran.h"
|
||||
|
||||
#include "sbr_ram.h"
|
||||
|
|
@ -295,7 +299,6 @@ void lppTransposer(
|
|||
int ovLowBandShift;
|
||||
int lowBandShift;
|
||||
/* int ovHighBandShift;*/
|
||||
int targetStopBand;
|
||||
|
||||
alphai[0] = FL2FXCONST_SGL(0.0f);
|
||||
alphai[1] = FL2FXCONST_SGL(0.0f);
|
||||
|
|
@ -311,25 +314,34 @@ void lppTransposer(
|
|||
|
||||
autoCorrLength = pSettings->nCols + pSettings->overlap;
|
||||
|
||||
/* Set upper subbands to zero:
|
||||
This is required in case that the patches do not cover the complete
|
||||
highband (because the last patch would be too short). Possible
|
||||
optimization: Clearing bands up to usb would be sufficient here. */
|
||||
targetStopBand = patchParam[pSettings->noOfPatches - 1].targetStartBand +
|
||||
patchParam[pSettings->noOfPatches - 1].numBandsInPatch;
|
||||
if (pSettings->noOfPatches > 0) {
|
||||
/* Set upper subbands to zero:
|
||||
This is required in case that the patches do not cover the complete
|
||||
highband (because the last patch would be too short). Possible
|
||||
optimization: Clearing bands up to usb would be sufficient here. */
|
||||
int targetStopBand =
|
||||
patchParam[pSettings->noOfPatches - 1].targetStartBand +
|
||||
patchParam[pSettings->noOfPatches - 1].numBandsInPatch;
|
||||
|
||||
int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL);
|
||||
int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL);
|
||||
|
||||
if (!useLP) {
|
||||
for (i = startSample; i < stopSampleClear; i++) {
|
||||
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
|
||||
FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize);
|
||||
}
|
||||
} else {
|
||||
for (i = startSample; i < stopSampleClear; i++) {
|
||||
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
|
||||
if (!useLP) {
|
||||
for (i = startSample; i < stopSampleClear; i++) {
|
||||
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
|
||||
FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize);
|
||||
}
|
||||
} else {
|
||||
for (i = startSample; i < stopSampleClear; i++) {
|
||||
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifdef __ANDROID__
|
||||
else {
|
||||
// Safetynet logging
|
||||
android_errorWriteLog(0x534e4554, "112160868");
|
||||
}
|
||||
#endif
|
||||
|
||||
/* init bwIndex for each patch */
|
||||
FDKmemclear(bwIndex, sizeof(bwIndex));
|
||||
|
|
@ -874,7 +886,6 @@ void lppTransposerHBE(
|
|||
int ovLowBandShift;
|
||||
int lowBandShift;
|
||||
/* int ovHighBandShift;*/
|
||||
int targetStopBand;
|
||||
|
||||
alphai[0] = FL2FXCONST_SGL(0.0f);
|
||||
alphai[1] = FL2FXCONST_SGL(0.0f);
|
||||
|
|
@ -889,19 +900,28 @@ void lppTransposerHBE(
|
|||
|
||||
autoCorrLength = pSettings->nCols + pSettings->overlap;
|
||||
|
||||
/* Set upper subbands to zero:
|
||||
This is required in case that the patches do not cover the complete
|
||||
highband (because the last patch would be too short). Possible
|
||||
optimization: Clearing bands up to usb would be sufficient here. */
|
||||
targetStopBand = patchParam[pSettings->noOfPatches - 1].targetStartBand +
|
||||
patchParam[pSettings->noOfPatches - 1].numBandsInPatch;
|
||||
if (pSettings->noOfPatches > 0) {
|
||||
/* Set upper subbands to zero:
|
||||
This is required in case that the patches do not cover the complete
|
||||
highband (because the last patch would be too short). Possible
|
||||
optimization: Clearing bands up to usb would be sufficient here. */
|
||||
int targetStopBand =
|
||||
patchParam[pSettings->noOfPatches - 1].targetStartBand +
|
||||
patchParam[pSettings->noOfPatches - 1].numBandsInPatch;
|
||||
|
||||
int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL);
|
||||
int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL);
|
||||
|
||||
for (i = startSample; i < stopSampleClear; i++) {
|
||||
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
|
||||
FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize);
|
||||
for (i = startSample; i < stopSampleClear; i++) {
|
||||
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
|
||||
FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize);
|
||||
}
|
||||
}
|
||||
#ifdef __ANDROID__
|
||||
else {
|
||||
// Safetynet logging
|
||||
android_errorWriteLog(0x534e4554, "112160868");
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
Calc common low band scale factor
|
||||
|
|
|
|||
Loading…
Reference in New Issue