mirror of
https://github.com/mstorsjo/fdk-aac.git
synced 2025-01-22 03:47:03 +01:00
Fix stack corruption happening in aacDecoder_drcExtractAndMap()
In the aacDecoder_drcExtractAndMap() function, self->numThreads can be used after having exceeded its intended max value, MAX_DRC_THREADS, causing memory to be cleared after the threadBs[MAX_DRC_THREADS] array. The crash is prevented by never using self->numThreads with a value equal to or greater than MAX_DRC_THREADS. A proper fix will be required as there seems to be an issue as to which entry in the threadBs array is meant to be initialized and used. Bug 26751339 Change-Id: I655cc40c35d4206ab72e83b2bdb751be2fe52b5a
This commit is contained in:
parent
fa3eba1644
commit
a06d1c2b9a
@ -2,7 +2,7 @@
|
||||
/* -----------------------------------------------------------------------------------------------------------
|
||||
Software License for The Fraunhofer FDK AAC Codec Library for Android
|
||||
|
||||
© Copyright 1995 - 2013 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
|
||||
© Copyright 1995 - 2013 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
|
||||
All rights reserved.
|
||||
|
||||
1. INTRODUCTION
|
||||
@ -680,6 +680,10 @@ static int aacDecoder_drcExtractAndMap (
|
||||
}
|
||||
self->numPayloads = 0;
|
||||
|
||||
if (self->numThreads >= MAX_DRC_THREADS) {
|
||||
self->numThreads = MAX_DRC_THREADS - 1;
|
||||
}
|
||||
|
||||
if (self->dvbAncDataAvailable)
|
||||
{ /* Append a DVB heavy compression payload thread if available. */
|
||||
int bitsParsed;
|
||||
@ -706,6 +710,10 @@ static int aacDecoder_drcExtractAndMap (
|
||||
|
||||
/* coupling channels not supported */
|
||||
|
||||
if (self->numThreads >= MAX_DRC_THREADS) {
|
||||
self->numThreads = MAX_DRC_THREADS - 1;
|
||||
}
|
||||
|
||||
/* check for valid threads */
|
||||
for (thread = 0; thread < self->numThreads; thread++) {
|
||||
CDrcPayload *pThreadBs = &threadBs[thread];
|
||||
|
Loading…
Reference in New Issue
Block a user