mirror of https://github.com/mstorsjo/fdk-aac.git
Merge "Avoid integer overflows in CLatmDemux_ReadAuChunkLengthInfo() and FDK_get32() to prevent endless loop." into sc-dev
This commit is contained in:
TreeHugger Robot
Android (Google) Code Review
commit
f633fc085e
|
|
@ -1,7 +1,7 @@
|
||||||
/* -----------------------------------------------------------------------------
|
/* -----------------------------------------------------------------------------
|
||||||
Software License for The Fraunhofer FDK AAC Codec Library for Android
|
Software License for The Fraunhofer FDK AAC Codec Library for Android
|
||||||
|
|
||||||
© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten
|
© Copyright 1995 - 2021 Fraunhofer-Gesellschaft zur Förderung der angewandten
|
||||||
Forschung e.V. All rights reserved.
|
Forschung e.V. All rights reserved.
|
||||||
|
|
||||||
1. INTRODUCTION
|
1. INTRODUCTION
|
||||||
|
|
@ -591,6 +591,18 @@ bail:
|
||||||
return (ErrorStatus);
|
return (ErrorStatus);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int CLatmDemux_ReadAuChunkLengthInfo(HANDLE_FDK_BITSTREAM bs) {
|
||||||
|
int len = 0, tmp = 255;
|
||||||
|
int validBytes = (int)FDKgetValidBits(bs) >> 3;
|
||||||
|
|
||||||
|
while (tmp == 255 && validBytes-- > 0) {
|
||||||
|
tmp = (int)FDKreadBits(bs, 8);
|
||||||
|
len += tmp;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ((tmp == 255) ? -1 : (len << 3));
|
||||||
|
}
|
||||||
|
|
||||||
TRANSPORTDEC_ERROR CLatmDemux_ReadPayloadLengthInfo(HANDLE_FDK_BITSTREAM bs,
|
TRANSPORTDEC_ERROR CLatmDemux_ReadPayloadLengthInfo(HANDLE_FDK_BITSTREAM bs,
|
||||||
CLatmDemux *pLatmDemux) {
|
CLatmDemux *pLatmDemux) {
|
||||||
TRANSPORTDEC_ERROR ErrorStatus = TRANSPORTDEC_OK;
|
TRANSPORTDEC_ERROR ErrorStatus = TRANSPORTDEC_OK;
|
||||||
|
|
@ -602,11 +614,17 @@ TRANSPORTDEC_ERROR CLatmDemux_ReadPayloadLengthInfo(HANDLE_FDK_BITSTREAM bs,
|
||||||
FDK_ASSERT(pLatmDemux->m_numLayer[prog] <= LATM_MAX_LAYER);
|
FDK_ASSERT(pLatmDemux->m_numLayer[prog] <= LATM_MAX_LAYER);
|
||||||
for (UINT lay = 0; lay < pLatmDemux->m_numLayer[prog]; lay++) {
|
for (UINT lay = 0; lay < pLatmDemux->m_numLayer[prog]; lay++) {
|
||||||
LATM_LAYER_INFO *p_linfo = &pLatmDemux->m_linfo[prog][lay];
|
LATM_LAYER_INFO *p_linfo = &pLatmDemux->m_linfo[prog][lay];
|
||||||
|
int auChunkLengthInfo = 0;
|
||||||
|
|
||||||
switch (p_linfo->m_frameLengthType) {
|
switch (p_linfo->m_frameLengthType) {
|
||||||
case 0:
|
case 0:
|
||||||
p_linfo->m_frameLengthInBits = CLatmDemux_ReadAuChunkLengthInfo(bs);
|
auChunkLengthInfo = CLatmDemux_ReadAuChunkLengthInfo(bs);
|
||||||
|
if (auChunkLengthInfo >= 0) {
|
||||||
|
p_linfo->m_frameLengthInBits = (UINT)auChunkLengthInfo;
|
||||||
totalPayloadBits += p_linfo->m_frameLengthInBits;
|
totalPayloadBits += p_linfo->m_frameLengthInBits;
|
||||||
|
} else {
|
||||||
|
return TRANSPORTDEC_PARSE_ERROR;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 3:
|
case 3:
|
||||||
case 5:
|
case 5:
|
||||||
|
|
@ -627,23 +645,6 @@ TRANSPORTDEC_ERROR CLatmDemux_ReadPayloadLengthInfo(HANDLE_FDK_BITSTREAM bs,
|
||||||
return (ErrorStatus);
|
return (ErrorStatus);
|
||||||
}
|
}
|
||||||
|
|
||||||
int CLatmDemux_ReadAuChunkLengthInfo(HANDLE_FDK_BITSTREAM bs) {
|
|
||||||
UCHAR endFlag;
|
|
||||||
int len = 0;
|
|
||||||
|
|
||||||
do {
|
|
||||||
UCHAR tmp = (UCHAR)FDKreadBits(bs, 8);
|
|
||||||
endFlag = (tmp < 255);
|
|
||||||
|
|
||||||
len += tmp;
|
|
||||||
|
|
||||||
} while (endFlag == 0);
|
|
||||||
|
|
||||||
len <<= 3; /* convert from bytes to bits */
|
|
||||||
|
|
||||||
return len;
|
|
||||||
}
|
|
||||||
|
|
||||||
UINT CLatmDemux_GetFrameLengthInBits(CLatmDemux *pLatmDemux, const UINT prog,
|
UINT CLatmDemux_GetFrameLengthInBits(CLatmDemux *pLatmDemux, const UINT prog,
|
||||||
const UINT layer) {
|
const UINT layer) {
|
||||||
UINT nFrameLenBits = 0;
|
UINT nFrameLenBits = 0;
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
/* -----------------------------------------------------------------------------
|
/* -----------------------------------------------------------------------------
|
||||||
Software License for The Fraunhofer FDK AAC Codec Library for Android
|
Software License for The Fraunhofer FDK AAC Codec Library for Android
|
||||||
|
|
||||||
© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten
|
© Copyright 1995 - 2021 Fraunhofer-Gesellschaft zur Förderung der angewandten
|
||||||
Forschung e.V. All rights reserved.
|
Forschung e.V. All rights reserved.
|
||||||
|
|
||||||
1. INTRODUCTION
|
1. INTRODUCTION
|
||||||
|
|
@ -151,8 +151,6 @@ typedef struct {
|
||||||
AudioPreRoll */
|
AudioPreRoll */
|
||||||
} CLatmDemux;
|
} CLatmDemux;
|
||||||
|
|
||||||
int CLatmDemux_ReadAuChunkLengthInfo(HANDLE_FDK_BITSTREAM bs);
|
|
||||||
|
|
||||||
TRANSPORTDEC_ERROR CLatmDemux_Read(HANDLE_FDK_BITSTREAM bs,
|
TRANSPORTDEC_ERROR CLatmDemux_Read(HANDLE_FDK_BITSTREAM bs,
|
||||||
CLatmDemux *pLatmDemux, TRANSPORT_TYPE tt,
|
CLatmDemux *pLatmDemux, TRANSPORT_TYPE tt,
|
||||||
CSTpCallBacks *pTpDecCallbacks,
|
CSTpCallBacks *pTpDecCallbacks,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue