From da401d271ecedd339b093201a6d7b1ecf436899c Mon Sep 17 00:00:00 2001
From: Fraunhofer IIS FDK
Date: Thu, 20 Dec 2018 15:52:46 +0100
Subject: [PATCH] Add sanity check in huff_decode()

Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Bug: 119292397
Change-Id: I33e99629665df9aa6262c90dd7ebdde4b4b9d773
(cherry picked from commit b81f869de3f7c5b6395606d5f36cef57987eae8f)
---
 libFDK/src/nlc_dec.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libFDK/src/nlc_dec.cpp b/libFDK/src/nlc_dec.cpp
index 8a8ccfd..6e98ce0 100644
--- a/libFDK/src/nlc_dec.cpp
+++ b/libFDK/src/nlc_dec.cpp
@@ -647,6 +647,10 @@ static ERROR_t huff_decode(HANDLE_FDK_BITSTREAM strm, SCHAR* out_data_1,
 }
 df_rest_flag_1 = num_val_1_int % 2;
 if (df_rest_flag_1) num_val_1_int -= 1;
+ if (num_val_1_int < 0) {
+ err = HUFFDEC_NOTOK;
+ goto bail;
+ }
 }
 if (out_data_2 != NULL) {
 if (diff_type_2 == DIFF_FREQ) {
@@ -658,6 +662,10 @@ static ERROR_t huff_decode(HANDLE_FDK_BITSTREAM strm, SCHAR* out_data_1,
 }
 df_rest_flag_2 = num_val_2_int % 2;
 if (df_rest_flag_2) num_val_2_int -= 1;
+ if (num_val_2_int < 0) {
+ err = HUFFDEC_NOTOK;
+ goto bail;
+ }
 }
 if (out_data_1 != NULL) {
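Review bot: The added `if (num_val_1_int < 0)` test in the first hunk, and the identical one for `num_val_2_int` in the second, run only after `% 2` and the conditional decrement have already been applied to the possibly negative count, and neither carries a comment saying how the count can become negative. The remainder of a negative odd int is -1 in C++, so `df_rest_flag_1` briefly holds -1 instead of 1; that is harmless only because the function bails, and placing the test directly before `df_rest_flag_1 = num_val_1_int % 2;` rejects exactly the same inputs without touching the flag. I would also add a comment above each test such as `/* count went negative in the decrements above (num_val too small?); fail instead of decoding with it */`. Only the lower bound is checked here; whether an upper bound on these counts is enforced is not visible, as huff_decode's body starts and ends outside both hunks.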