mirror of https://github.com/mstorsjo/fdk-aac.git
DO NOT MERGE Prevent out of bound memory access in GetInvInt
In GetInvInt(int) function, malicious content can access memory outside of the invCount array. Always bound access to valid indices. Test: see bug for malicious content, decoded with "stagefright -s -a" Bug: 65025048 Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
This commit is contained in:
parent
9d4702f2d9
commit
51f38b3a6d
|
@ -479,14 +479,18 @@ inline FIXP_DBL fAddSaturate(const FIXP_DBL a, const FIXP_DBL b)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Calculate the value of 1/i where i is a integer value. It supports
|
* \brief Calculate the value of 1/i where i is a integer value. It supports
|
||||||
* input values from 1 upto 80.
|
* input values from 0 upto 79.
|
||||||
* \param intValue Integer input value.
|
* \param intValue Integer input value.
|
||||||
* \param FIXP_DBL representation of 1/intValue
|
* \param FIXP_DBL representation of 1/intValue
|
||||||
*/
|
*/
|
||||||
inline FIXP_DBL GetInvInt(int intValue)
|
inline FIXP_DBL GetInvInt(int intValue)
|
||||||
{
|
{
|
||||||
FDK_ASSERT((intValue > 0) && (intValue < 80));
|
FDK_ASSERT((intValue >= 0) && (intValue < 80));
|
||||||
FDK_ASSERT(intValue<80);
|
if (intValue > 79)
|
||||||
|
return invCount[79];
|
||||||
|
else if (intValue < 0)
|
||||||
|
return invCount[0];
|
||||||
|
else
|
||||||
return invCount[intValue];
|
return invCount[intValue];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue