fenix
/
fdk-aac
mirror of https://github.com/mstorsjo/fdk-aac.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge "Prevent out of bounds accesses in lppTransposer() and lppTransposerHBE()" into pi-dev

This commit is contained in:
Jean-Michel Trivi 2018-10-08 21:20:57 +00:00 committed by Android (Google) Code Review
parent 28234107a7 4dad829df0
commit 927448349c
2 changed files with 50 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Android.bp
View File

@ -27,6 +27,9 @@ cc_library_static {
misc_undefined:["unsigned-integer-overflow", "signed-integer-overflow"], misc_undefined:["unsigned-integer-overflow", "signed-integer-overflow"],
cfi: true, cfi: true,
}, },
shared_libs: [
"liblog",
],
export_include_dirs: [ export_include_dirs: [
"libAACdec/include", "libAACdec/include",
"libAACenc/include", "libAACenc/include",

74
libSBRdec/src/lpp_tran.cpp
View File

@ -118,6 +118,10 @@ amm-info@iis.fraunhofer.de
\sa lppTransposer(), main_audio.cpp, sbr_scale.h, \ref documentationOverview \sa lppTransposer(), main_audio.cpp, sbr_scale.h, \ref documentationOverview
*/ */
#ifdef __ANDROID__
#include "log/log.h"
#endif
#include "lpp_tran.h" #include "lpp_tran.h"
#include "sbr_ram.h" #include "sbr_ram.h"
@ -295,7 +299,6 @@ void lppTransposer(
int ovLowBandShift; int ovLowBandShift;
int lowBandShift; int lowBandShift;
/* int ovHighBandShift;*/ /* int ovHighBandShift;*/
int targetStopBand;
alphai[0] = FL2FXCONST_SGL(0.0f); alphai[0] = FL2FXCONST_SGL(0.0f);
alphai[1] = FL2FXCONST_SGL(0.0f); alphai[1] = FL2FXCONST_SGL(0.0f);
@ -311,25 +314,34 @@ void lppTransposer(
autoCorrLength = pSettings->nCols + pSettings->overlap; autoCorrLength = pSettings->nCols + pSettings->overlap;
/* Set upper subbands to zero: if (pSettings->noOfPatches > 0) {
This is required in case that the patches do not cover the complete /* Set upper subbands to zero:
highband (because the last patch would be too short). Possible This is required in case that the patches do not cover the complete
optimization: Clearing bands up to usb would be sufficient here. */ highband (because the last patch would be too short). Possible
targetStopBand = patchParam[pSettings->noOfPatches - 1].targetStartBand + optimization: Clearing bands up to usb would be sufficient here. */
patchParam[pSettings->noOfPatches - 1].numBandsInPatch; int targetStopBand =
patchParam[pSettings->noOfPatches - 1].targetStartBand +
patchParam[pSettings->noOfPatches - 1].numBandsInPatch;
int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL); int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL);
if (!useLP) { if (!useLP) {
for (i = startSample; i < stopSampleClear; i++) { for (i = startSample; i < stopSampleClear; i++) {
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize); FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize);
} }
} else { } else {
for (i = startSample; i < stopSampleClear; i++) { for (i = startSample; i < stopSampleClear; i++) {
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
}
} }
} }
#ifdef __ANDROID__
else {
// Safetynet logging
android_errorWriteLog(0x534e4554, "112160868");
}
#endif
/* init bwIndex for each patch */ /* init bwIndex for each patch */
FDKmemclear(bwIndex, sizeof(bwIndex)); FDKmemclear(bwIndex, sizeof(bwIndex));
@ -874,7 +886,6 @@ void lppTransposerHBE(
int ovLowBandShift; int ovLowBandShift;
int lowBandShift; int lowBandShift;
/* int ovHighBandShift;*/ /* int ovHighBandShift;*/
int targetStopBand;
alphai[0] = FL2FXCONST_SGL(0.0f); alphai[0] = FL2FXCONST_SGL(0.0f);
alphai[1] = FL2FXCONST_SGL(0.0f); alphai[1] = FL2FXCONST_SGL(0.0f);
@ -889,19 +900,28 @@ void lppTransposerHBE(
autoCorrLength = pSettings->nCols + pSettings->overlap; autoCorrLength = pSettings->nCols + pSettings->overlap;
/* Set upper subbands to zero: if (pSettings->noOfPatches > 0) {
This is required in case that the patches do not cover the complete /* Set upper subbands to zero:
highband (because the last patch would be too short). Possible This is required in case that the patches do not cover the complete
optimization: Clearing bands up to usb would be sufficient here. */ highband (because the last patch would be too short). Possible
targetStopBand = patchParam[pSettings->noOfPatches - 1].targetStartBand + optimization: Clearing bands up to usb would be sufficient here. */
patchParam[pSettings->noOfPatches - 1].numBandsInPatch; int targetStopBand =
patchParam[pSettings->noOfPatches - 1].targetStartBand +
patchParam[pSettings->noOfPatches - 1].numBandsInPatch;
int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL); int memSize = ((64) - targetStopBand) * sizeof(FIXP_DBL);
for (i = startSample; i < stopSampleClear; i++) { for (i = startSample; i < stopSampleClear; i++) {
FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize); FDKmemclear(&qmfBufferReal[i][targetStopBand], memSize);
FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize); FDKmemclear(&qmfBufferImag[i][targetStopBand], memSize);
}
} }
#ifdef __ANDROID__
else {
// Safetynet logging
android_errorWriteLog(0x534e4554, "112160868");
}
#endif
/* /*
Calc common low band scale factor Calc common low band scale factor