From 82383e3212cb5ec84dd403a44ee4c01193961c8f Mon Sep 17 00:00:00 2001
From: Fraunhofer IIS FDK <audio-fdk@iis.fraunhofer.de>
Date: Fri, 19 Oct 2018 16:42:30 +0200
Subject: [PATCH] Fix potential invalid memory access for concealment in
 decodeEnvelope()

Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I916a24c000ef792aa3d5befa02a6b6f673161844
---
 libSBRdec/src/env_dec.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/libSBRdec/src/env_dec.cpp b/libSBRdec/src/env_dec.cpp
index 05accd1..95807c9 100644
--- a/libSBRdec/src/env_dec.cpp
+++ b/libSBRdec/src/env_dec.cpp
@@ -506,15 +506,20 @@ static void decodeEnvelope(
          */
         for (i = 0; i < hHeaderData->freqBandData.nSfb[1]; i++) {
           /* Former Level-Channel will be used for both channels */
-          if (h_prev_data->coupling == COUPLING_BAL)
-            h_prev_data->sfb_nrg_prev[i] = otherChannel->sfb_nrg_prev[i];
+          if (h_prev_data->coupling == COUPLING_BAL) {
+            h_prev_data->sfb_nrg_prev[i] =
+                (otherChannel != NULL) ? otherChannel->sfb_nrg_prev[i]
+                                       : (FIXP_SGL)SBR_ENERGY_PAN_OFFSET;
+          }
           /* Former L/R will be combined as the new Level-Channel */
-          else if (h_sbr_data->coupling == COUPLING_LEVEL)
+          else if (h_sbr_data->coupling == COUPLING_LEVEL &&
+                   otherChannel != NULL) {
             h_prev_data->sfb_nrg_prev[i] = (h_prev_data->sfb_nrg_prev[i] +
                                             otherChannel->sfb_nrg_prev[i]) >>
                                            1;
-          else if (h_sbr_data->coupling == COUPLING_BAL)
+          } else if (h_sbr_data->coupling == COUPLING_BAL) {
             h_prev_data->sfb_nrg_prev[i] = (FIXP_SGL)SBR_ENERGY_PAN_OFFSET;
+          }
         }
       }
     }