mirror of
https://github.com/mstorsjo/fdk-aac.git
synced 2025-01-24 04:41:22 +01:00
DO NOT MERGE Prevent out of bound memory access in GetInvInt
In GetInvInt(int) function, malicious content can access memory outside of the invCount array. Always bound access to valid indices. Test: see bug for malicious content, decoded with "stagefright -s -a" Bug: 65025048 Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
This commit is contained in:
parent
7147e71a75
commit
d0e8397b7b
@ -450,14 +450,18 @@ inline FIXP_DBL fAddSaturate(const FIXP_DBL a, const FIXP_DBL b)
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Calculate the value of 1/i where i is a integer value. It supports
|
* \brief Calculate the value of 1/i where i is a integer value. It supports
|
||||||
* input values from 1 upto 50.
|
* input values from 0 upto 49.
|
||||||
* \param intValue Integer input value.
|
* \param intValue Integer input value.
|
||||||
* \param FIXP_DBL representation of 1/intValue
|
* \param FIXP_DBL representation of 1/intValue
|
||||||
*/
|
*/
|
||||||
inline FIXP_DBL GetInvInt(int intValue)
|
inline FIXP_DBL GetInvInt(int intValue)
|
||||||
{
|
{
|
||||||
FDK_ASSERT((intValue > 0) && (intValue < 50));
|
FDK_ASSERT((intValue >= 0) && (intValue < 50));
|
||||||
FDK_ASSERT(intValue<50);
|
if (intValue < 0)
|
||||||
|
return invCount[0];
|
||||||
|
else if (intValue > 49)
|
||||||
|
return invCount[49];
|
||||||
|
else
|
||||||
return invCount[intValue];
|
return invCount[intValue];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user