Fix stack corruption happening in aacDecoder_drcExtractAndMap()

In the aacDecoder_drcExtractAndMap() function, self->numThreads
  can be used after having exceeded its intended max value,
  MAX_DRC_THREADS, causing memory to be cleared after the
  threadBs[MAX_DRC_THREADS] array.
The crash is prevented by never using self->numThreads with
  a value equal to or greater than MAX_DRC_THREADS.
A proper fix will be required as there seems to be an issue as
  to which entry in the threadBs array is meant to be initialized
  and used.

Bug 26751339

Change-Id: I655cc40c35d4206ab72e83b2bdb751be2fe52b5a

libAACdec/src/aacdec_drc.cpp

@@ -2,7 +2,7 @@
 /* -----------------------------------------------------------------------------------------------------------
 Software License for The Fraunhofer FDK AAC Codec Library for Android
 
-© Copyright  1995 - 2013 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
+© Copyright  1995 - 2013 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
   All rights reserved.
 
  1.    INTRODUCTION
@@ -680,6 +680,10 @@ static int aacDecoder_drcExtractAndMap (
   }
   self->numPayloads = 0;
 
+  if (self->numThreads >= MAX_DRC_THREADS) {
+      self->numThreads = MAX_DRC_THREADS - 1;
+  }
+
   if (self->dvbAncDataAvailable)
   { /* Append a DVB heavy compression payload thread if available. */
     int bitsParsed;
@@ -706,6 +710,10 @@ static int aacDecoder_drcExtractAndMap (
 
   /* coupling channels not supported */
 
+  if (self->numThreads >= MAX_DRC_THREADS) {
+      self->numThreads = MAX_DRC_THREADS - 1;
+  }
+
   /* check for valid threads */
   for (thread = 0; thread < self->numThreads; thread++) {
     CDrcPayload *pThreadBs = &threadBs[thread];