fenix/fdk-aac
1
0
Fork 0
mirror of https://github.com/mstorsjo/fdk-aac.git synced 2025-01-24 12:51:12 +01:00
Code Issues Projects Releases Wiki Activity

DO NOT MERGE Prevent out of bound memory access in GetInvInt

Browse Source 
In GetInvInt(int) function, malicious content can access memory
 outside of the invCount array. Always bound access to valid
 indices.

Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
This commit is contained in:
Jean-Michel Trivi 2017-10-24 17:39:19 -07:00
parent 47dd0b4589
commit 5ce724f1dd
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libFDK/include/fixpoint_math.h
View File

@ -479,15 +479,19 @@ inline FIXP_DBL fAddSaturate(const FIXP_DBL a, const FIXP_DBL b)
/**
* \brief Calculate the value of 1/i where i is a integer value. It supports
* input values from 1 upto 80.
* input values from 0 upto 79.
* \param intValue Integer input value.
* \param FIXP_DBL representation of 1/intValue
*/
inline FIXP_DBL GetInvInt(int intValue)
{
FDK_ASSERT((intValue > 0) && (intValue < 80));
FDK_ASSERT(intValue<80);
return invCount[intValue];
FDK_ASSERT((intValue >= 0) && (intValue < 80));
if (intValue > 79)
return invCount[79];
else if (intValue < 0)
return invCount[0];
else
return invCount[intValue];
}