Commit Graph

71 Commits

Author SHA1 Message Date
Martin Storsjo c7a3808a2f Merge remote-tracking branch 'aosp/master' 2020-11-17 12:38:51 +02:00
Martin Storsjo d23a21ab42 Avoid undefined shifts in calculateSbrEnvelope
Fixes: 26845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5670674796118016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2020-11-17 12:26:19 +02:00
Martin Storsjo 4e944af756 Avoid undefined shifts in SBR calcCRC
Fixes: 25404/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5397024709804032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2020-11-17 12:26:19 +02:00
Bill Yi 5b4265a02a Merge rvc-release RP1A.201105.002 to aosp-master - DO NOT MERGE
Merged-In: I44e842648acbceb02bbc28cf2ad729a0caddf60d
Change-Id: Iead5cf2ca1c993da0844a11d1e64bf3cc86ed5dd
2020-11-04 13:57:54 -08:00
Fraunhofer IIS FDK ffff95538e Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels().
In the bug the SBR decoder has already set up 9 channels and tries to
allocate one more channel. The assignment of the QMF channels to SBR
channels fails since the QMF domain manages only 8+1 channels instead
of 10 channels as reqeusted by SBR.
Here we have added a check in sbrDecoder_InitElement() which will
return with a parse error in case additional SBR channels would exceed
the maximum number of SBR channels. This solves the potential heap
buffer overflow.

Bug: 158762825
Test: atest DecoderTestAacDrc DecoderTestAacFormat DecoderTestXheAac
Change-Id: I0150ac6d5a47ffce883010f531928656eebc619e
Merged-In: I0150ac6d5a47ffce883010f531928656eebc619e
(cherry picked from commit bb8f983bf3)
2020-09-16 23:28:22 +00:00
Kris Alder 0f130d51b8 Merge changes Iad37ae76,I4870251b,Icd937cad am: 662d974400 am: 0b8c6e731f
Change-Id: Ie5c84f6923184c564793de5e5f0007bc197415e7
2020-04-09 16:47:26 +00:00
Anuj Joshi 7f7bbce892 Stop using __DATE__/__TIME__ on all builds
Test: mmma external/libaac
Bug: 151595970

Change-Id: Icd937cad3e4e2f70a5486cca424544eb410be26f
2020-03-27 10:43:38 +05:30
Fraunhofer IIS FDK e016635f0d Avoid decoder internal clipping by converting the whole audio sample data path from 16 to 32 bit data width (FDKdec v3.2.0).
Bug: 149514474
Test: atest DecoderTestXheAac DecoderTestAacDrc
Change-Id: I8a504ab709e42e27a61fe29840212953742283a5
2020-02-14 10:53:51 -08:00
Fraunhofer IIS FDK 90c29e0808 Revise memory overlay usage and remove deprecated buffers and overlay tags.
Bug: 149514474
Test: atest DecoderTestXheAac DecoderTestAacDrc
Change-Id: I7aea2898a3c49e06209fae89d734939c100e1184
2020-02-14 10:44:10 -08:00
Fraunhofer IIS FDK 5d09563196 Avoid too large shift exponent in apply_inter_tes() by using fIsLessThan.
Bug: 146936613
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I8414072929ec8f786e0c003f18ab453dbacb9e5e
2020-01-16 12:15:04 -08:00
Fraunhofer IIS FDK 801b45ffab Adjust scaling in lppTransposerHBE() to prevent signed integer overflow in autocorrelation.
Bug: 145669291
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: Ia32b081b982d6886f51642a7ed1ca73acb40dac9
2019-12-27 10:20:36 -08:00
Fraunhofer IIS FDK 68cdcfc6b8 Avoid signed integer overflows in multiple adjustTimeSlot*() functions.
Bug: 145669628
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: Id0f3ee9d3413e534505c0c7eea379ce42880ca79
2019-12-27 08:59:49 -08:00
Fraunhofer IIS FDK 2ce3e76d0f Improve robustness of limiter band table calculation in ResetLimiterBands().
Bug: 145668973
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: Ic076cf5b44c0618734064b670de61f9da532a13e
2019-12-27 08:58:46 -08:00
Fraunhofer IIS FDK 5838a313ae Fix signed integer overflow in pvcDecodeTimeSlot().
Bug: 145668022
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I0a165330cf174f24310f8d705523d310a3522e7a
2019-12-27 08:54:50 -08:00
Fraunhofer IIS FDK b2f2a109d3 Limit too large shift value in apply_inter_tes().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I38cc7053e671f6e20a1a9ba4f1645d1cf8be77e2
2019-10-18 10:58:52 -07:00
Fraunhofer IIS FDK 54cd15bd80 Fix nrgGain_e update in equalizeFiltBufferExp(). Prevents negative shift exponents in calculateSbrEnvelope().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I66ad54dae0fa1d414d8b2b9a9e0b6145cce4042d
2019-10-18 10:58:40 -07:00
Fraunhofer IIS FDK 9ba6f8b6a2 Fix signed integer overflow in calcFactorPerBand() calculation.
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I9f18f675112651be8dec5c0474601ca6531fbf15
2019-10-18 10:56:10 -07:00
Fraunhofer IIS FDK a7029823f4 Prevent integer overflow in sbrDecoder_calculateGainVec().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I359f7f976a5ad5459be7d7b786145988a175e305
2019-10-18 10:54:57 -07:00
Fraunhofer IIS FDK 6f98eab350 Saturate shift value in calculateSbrEnvelope(). Prevents too large shift values.
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I3331ac9bc267cd3fa4c1178bc445998869f0d99b
2019-10-14 15:08:34 -07:00
Fraunhofer IIS FDK a65911cd2e Limit shift exponent in adjustTimeSlot_EldGrid().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I4000972d63d74e871d47f2db031308cd7ea285d6
2019-10-14 15:06:23 -07:00
Fraunhofer IIS FDK bedfd82356 Fix shift value assignment in addHighBandPart().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I69457c1b551e33e3ee9ef39b457b0f83de2e370e
2019-10-14 15:01:17 -07:00
Fraunhofer IIS FDK b1b306443a Replace obsolete SBR CRC with superior FDK CRC implementation. Fixes ELD SBR CRC decoding and prevents negative shift exponents in calcCRC().
Bug: 131430997
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I0c40609975de5854560643f3ce2c9fecf5973f73
2019-10-11 10:14:53 -07:00
Martin Storsjo 10fcf89a3e Revert "Reapply: Avoid reading out of bounds due to negative aaIccIndexMapped"
This reverts commit e6bb256130.

It seems like this isn't needed any longer on the latest upstream
version.
2019-10-08 15:10:34 +03:00
Martin Storsjo 3e6e1b2097 Revert "Reapply: Avoid reading out of bounds due to too large aaIidIndexMapped"
This reverts commit 28fdc28ec4.

It seems like this isn't needed any longer on the latest upstream
version.
2019-10-08 15:10:32 +03:00
Martin Storsjo e365f4f278 Merge remote-tracking branch 'aosp/master' 2019-10-08 14:53:07 +03:00
Fraunhofer IIS FDK 818743f718 Improve random phase table accuracy.
Bug: 132641988
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: Ifca82aec87c0d21871d1f181b1be635c419433ee
2019-05-14 14:13:38 -07:00
Fraunhofer IIS FDK 2ef020c93a Increase scale factor gain in TES tool.
Bug: 132641988
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I498be80902da32944ab456436689ca4aba42d3f6
2019-05-14 14:10:18 -07:00
Fraunhofer IIS FDK 69a5c189ad Improve accuracy of division in calcSubbandGain().
Bug: 132641988
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I3beeda23355ae1200d9f55c9e8cd1cc6bc899153
2019-05-14 09:53:45 -07:00
Fraunhofer IIS FDK e51063ca54 Avoid -1.0 autocorrelation input data.
Bug: 132641988
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I2d4ccf9ee666a5533417ea98302de4a01b74c5ce
2019-05-14 09:47:32 -07:00
Fraunhofer IIS FDK 273a43f61f Discard SBR data in case of unsuccessful SBR header update.
Change-Id: I31ab01476d5a9de273c7adce14a1c29fa0023682
2019-03-15 18:10:11 +00:00
Jean-Michel Trivi 8972e93edd libSBRdec: prevent OOB access
In generateFixFixOnly() check validity of  index before accessing
  SBR decoder envolope tables.

Bug: 112052062
Test: see bug
Change-Id: Icd7ec3807eea9ef8417dba7383f361101becc4f2
2019-03-07 14:16:05 -08:00
Martin Storsjo 02103fd630 Merge remote-tracking branch 'aosp/master' 2019-01-21 15:54:25 +02:00
Fraunhofer IIS FDK 55d2c9582a Extend PS concealment/error treatment
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I19b87d33b1d0ed8b43b4ea57992f1c6df500d9f4
2018-12-27 17:31:46 -05:00
Fraunhofer IIS FDK 82383e3212 Fix potential invalid memory access for concealment in decodeEnvelope()
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I916a24c000ef792aa3d5befa02a6b6f673161844
2018-12-27 17:28:39 -05:00
Fraunhofer IIS FDK 5cb1030d72 Reset all noisefloor levels in leanSbrConcealment()
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I6d25e8c8844bdf8e15d1aab695cb5d19d6b232e2
2018-12-27 17:25:13 -05:00
Fraunhofer IIS FDK 0cebd077b6 Apply sbrDecoder_Parse() function for all explict SBR elements
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I97471c4db309307a21100f1d5d88d3c4e24d2670
2018-12-27 14:51:52 -05:00
Fraunhofer IIS FDK 0271d6a6f3 Call QMF transposer initialization only with successful SBR processing
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc

Change-Id: I8a8626a83e1bd87b2c14fad7c90174e4172c01b6
2018-12-27 14:48:15 -05:00
Fraunhofer IIS FDK 804f41ac64 Add error path to generateFixFixOnly()
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I1f1767403068a9eafd7b20edb96669b71b0110fc
2018-12-27 14:45:29 -05:00
Jean-Michel Trivi f828d3e16a Merge "Limit too large shift exponent in apply_inter_tes()" 2018-12-27 19:14:22 +00:00
Fraunhofer IIS FDK 29b81acd78 Limit too large shift exponent in apply_inter_tes()
Bug: 112892200
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I74e349ecb796343b475b825ac7d97497560a1e7a
2018-12-27 12:45:31 -05:00
Fraunhofer IIS FDK e93cd75ea4 Limit too large scale_change exponent used in adjustTimeSlot
Bug: 112892953
Test: atest DecoderTestXheAac ; atest DecoderTestAacDrc
Change-Id: I4fe66defb40a36612850582cb0f1da7fb07a8bed
2018-12-27 12:29:27 -05:00
Fraunhofer IIS FDK 5e57019525 Prevent out of bounds accesses in lppTransposer() and lppTransposerHBE()
Bug: 112160868
Test: see poc in bug
Change-Id: I6a2161865d9cb9b51dc37c09d6e3a4a8e5d11f86
(cherry picked from commit 4dad829df0)
2018-10-20 00:17:02 +00:00
Martin Storsjo 28fdc28ec4 Reapply: Avoid reading out of bounds due to too large aaIidIndexMapped
Fixes: 10726/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5167035365982208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2018-10-16 09:38:33 +03:00
Martin Storsjo e6bb256130 Reapply: Avoid reading out of bounds due to negative aaIccIndexMapped
Fixes: 10325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5740113355603968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2018-09-26 14:24:43 +03:00
Martin Storsjo 99e092f47b Replace __attribute__((always_inline)) with FDK_FORCEINLINE
This fixes compilation for ARM with MSVC.
2018-09-02 23:26:56 +03:00
Fraunhofer IIS FDK a4d1f0ad52 FDKv2 ubsan patches
Bug: 80053205
Test: see bug for repro with FB "wow"
   atest DecoderTestAacDrc

Fix signed integer overflows in CLpc_SynthesisLattice()

Change-Id: Icbddfcc8c5fc73382ae5bf8c2a7703802c688e06

Fix signed integer overflows in imlt

Change-Id: I687834fca2f1aab6210ed9862576b4f38fcdeb24

Fix overflow in addLowbandEnergies()

Change-Id: Iaa9fdf9deb49c33ec6ca7ed3081c4ddaa920e9aa

Concealment fix for audio frames containing acelp components

Change-Id: Ibe5e83a6efa75a48f729984a161a76b826878f4e

Fix out-of-bounds access in PS concealment

Change-Id: I08809a03a40d1feaf00e41278db314d67e1efe88

Fix potential memory leak in setup of qmf domain

Change-Id: Id9fc2448354dc7f1b439469128407305efa3def2

Reject channel config 13

Change-Id: Idf5236f6cd054df994e69c9c972c97f6768cf9e5

Fix unsigned integer overflow in configExtension()

Change-Id: I8a1668810b85e6237c3892891444ff08f04b019b

Fix unsigned integer overflow in CAacDecoder_DecodeFrame()

Change-Id: I79678c571690178e6c37680f70a9b94dd3cbc439

Fix unsigned integer overflow in aacDecoder_UpdateBitStreamCounters()

Change-Id: I3bff959da9f53fabb18cd0ae6c260e6256194526

Fix unsigned integer overflow in transportDec_readStream()

Change-Id: I6a6f9f4acaa32fae0b5de9641f8787bbc7f8286b
2018-05-23 12:19:40 -07:00
Fraunhofer IIS FDK 44ac411683 FDK patches: fix overflows in decoder out-of-band config
Bug: 71430241
Bug: 79220129
Test: cts-tradefed run commandAndExit cts-dev -m CtsMediaTestCases -t android.media.cts.DecoderTestXheAac
      cts-tradefed run commandAndExit cts-dev -m CtsMediaTestCases -t android.media.cts.DecoderTestAacDrc

Unsigned Integer Overflows in CDataStreamElement_Read()

Change-Id: Ic2f5b3ae111bf984d4d0db664823798957b0a979

Unsigned Integer Overflow in CProgramConfig_ReadHeightExt()

Change-Id: Iaebc458bb59504203e604a28ed6d5cecaa875c42

Unsigned Integer Overflow in transportDec_OutOfBandConfig()

Change-Id: I24a4b32d736f28c55147f0e2ca06fe5537da19c2

Unsigned Integer Overflows in CDKcrcEndReg() & crcCalc()

Change-Id: I6ebbe541a4d3b6bacbd5ace17264972951de7ca8

Unsigned Integer Overflows in ReadPsData()

Change-Id: Id36576fe545236860a06f17971494ecd4484c494

Unsigned Integer Overflow in SpatialDecParseSpecificConfig()

Change-Id: Ib468f129a951c69776b88468407f008ab4cfd2c7

Unsigned Integer Overflows in _readUniDrcConfigExtension() & _readLoudnessInfoSetExtension()

Change-Id: Ibcf7c6a23af49239206ea9301c58adac36e3ceba
2018-05-09 15:15:28 -07:00
Fraunhofer IIS FDK 6cfabd3536 Upgrade to FDKv2
Bug: 71430241
Test: CTS DecoderTest and DecoderTestAacDrc

original-Change-Id: Iaa20f749b8a04d553b20247cfe1a8930ebbabe30

Apply clang-format also on header files.

original-Change-Id: I14de1ef16bbc79ec0283e745f98356a10efeb2e4

Fixes for MPEG-D DRC

original-Change-Id: If1de2d74bbbac84b3f67de3b88b83f6a23b8a15c

Catch unsupported tw_mdct at an early stage

original-Change-Id: Ied9dd00d754162a0e3ca1ae3e6b854315d818afe

Fixing PVC transition frames

original-Change-Id: Ib75725abe39252806c32d71176308f2c03547a4e

Move qmf bands sanity check

original-Change-Id: Iab540c3013c174d9490d2ae100a4576f51d8dbc4

Initialize scaling variable

original-Change-Id: I3c4087101b70e998c71c1689b122b0d7762e0f9e

Add 16 qmf band configuration to getSlotNrgHQ()

original-Change-Id: I49a5d30f703a1b126ff163df9656db2540df21f1

Always apply byte alignment at the end of the AudioMuxElement

original-Change-Id: I42d560287506d65d4c3de8bfe3eb9a4ebeb4efc7

Setup SBR element only if no parse error exists

original-Change-Id: I1915b73704bc80ab882b9173d6bec59cbd073676

Additional array index check in HCR

original-Change-Id: I18cc6e501ea683b5009f1bbee26de8ddd04d8267

Fix fade-in index selection in concealment module

original-Change-Id: Ibf802ed6ed8c05e9257e1f3b6d0ac1162e9b81c1

Enable explicit backward compatible parser for AAC_LD

original-Change-Id: I27e9c678dcb5d40ed760a6d1e06609563d02482d

Skip spatial specific config in explicit backward compatible ASC

original-Change-Id: Iff7cc365561319e886090cedf30533f562ea4d6e

Update flags description in decoder API

original-Change-Id: I9a5b4f8da76bb652f5580cbd3ba9760425c43830

Add QMF domain reset function

original-Change-Id: I4f89a8a2c0277d18103380134e4ed86996e9d8d6

DRC upgrade v2.1.0

original-Change-Id: I5731c0540139dab220094cd978ef42099fc45b74

Fix integer overflow in sqrtFixp_lookup()

original-Change-Id: I429a6f0d19aa2cc957e0f181066f0ca73968c914

Fix integer overflow in invSqrtNorm2()

original-Change-Id: I84de5cbf9fb3adeb611db203fe492fabf4eb6155

Fix integer overflow in GenerateRandomVector()

original-Change-Id: I3118a641008bd9484d479e5b0b1ee2b5d7d44d74

Fix integer overflow in adjustTimeSlot_EldGrid()

original-Change-Id: I29d503c247c5c8282349b79df940416a512fb9d5

Fix integer overflow in FDKsbrEnc_codeEnvelope()

original-Change-Id: I6b34b61ebb9d525b0c651ed08de2befc1f801449

Follow-up on: Fix integer overflow in adjustTimeSlot_EldGrid()

original-Change-Id: I6f8f578cc7089e5eb7c7b93e580b72ca35ad689a

Fix integer overflow in get_pk_v2()

original-Change-Id: I63375bed40d45867f6eeaa72b20b1f33e815938c

Fix integer overflow in Syn_filt_zero()

original-Change-Id: Ie0c02fdfbe03988f9d3b20d10cd9fe4c002d1279

Fix integer overflow in CFac_CalcFacSignal()

original-Change-Id: Id2d767c40066c591b51768e978eb8af3b803f0c5

Fix integer overflow in FDKaacEnc_FDKaacEnc_calcPeNoAH()

original-Change-Id: Idcbd0f4a51ae2550ed106aa6f3d678d1f9724841

Fix integer overflow in sbrDecoder_calculateGainVec()

original-Change-Id: I7081bcbe29c5cede9821b38d93de07c7add2d507

Fix integer overflow in CLpc_SynthesisLattice()

original-Change-Id: I4a95ddc18de150102352d4a1845f06094764c881

Fix integer overflow in Pred_Lt4()

original-Change-Id: I4dbd012b2de7d07c3e70a47b92e3bfae8dbc750a

Fix integer overflow in FDKsbrEnc_InitSbrFastTransientDetector()

original-Change-Id: I788cbec1a4a00f44c2f3a72ad7a4afa219807d04

Fix unsigned integer overflow in FDKaacEnc_WriteBitstream()

original-Change-Id: I68fc75166e7d2cd5cd45b18dbe3d8c2a92f1822a

Fix unsigned integer overflow in FDK_MetadataEnc_Init()

original-Change-Id: Ie8d025f9bcdb2442c704bd196e61065c03c10af4

Fix overflow in pseudo random number generators

original-Change-Id: I3e2551ee01356297ca14e3788436ede80bd5513c

Fix unsigned integer overflow in sbrDecoder_Parse()

original-Change-Id: I3f231b2f437e9c37db4d5b964164686710eee971

Fix unsigned integer overflow in longsub()

original-Change-Id: I73c2bc50415cac26f1f5a29e125bbe75f9180a6e

Fix unsigned integer overflow in CAacDecoder_DecodeFrame()

original-Change-Id: Ifce2db4b1454b46fa5f887e9d383f1cc43b291e4

Fix overflow at CLpdChannelStream_Read()

original-Change-Id: Idb9d822ce3a4272e4794b643644f5434e2d4bf3f

Fix unsigned integer overflow in Hcr_State_BODY_SIGN_ESC__ESC_WORD()

original-Change-Id: I1ccf77c0015684b85534c5eb97162740a870b71c

Fix unsigned integer overflow in UsacConfig_Parse()

original-Change-Id: Ie6d27f84b6ae7eef092ecbff4447941c77864d9f

Fix unsigned integer overflow in aacDecoder_drcParse()

original-Change-Id: I713f28e883eea3d70b6fa56a7b8f8c22bcf66ca0

Fix unsigned integer overflow in aacDecoder_drcReadCompression()

original-Change-Id: Ia34dfeb88c4705c558bce34314f584965cafcf7a

Fix unsigned integer overflow in CDataStreamElement_Read()

original-Change-Id: Iae896cc1d11f0a893d21be6aa90bd3e60a2c25f0

Fix unsigned integer overflow in transportDec_AdjustEndOfAccessUnit()

original-Change-Id: I64cf29a153ee784bb4a16fdc088baabebc0007dc

Fix unsigned integer overflow in transportDec_GetAuBitsRemaining()

original-Change-Id: I975b3420faa9c16a041874ba0db82e92035962e4

Fix unsigned integer overflow in extractExtendedData()

original-Change-Id: I2a59eb09e2053cfb58dfb75fcecfad6b85a80a8f

Fix signed integer overflow in CAacDecoder_ExtPayloadParse()

original-Change-Id: I4ad5ca4e3b83b5d964f1c2f8c5e7b17c477c7929

Fix unsigned integer overflow in CAacDecoder_DecodeFrame()

original-Change-Id: I29a39df77d45c52a0c9c5c83c1ba81f8d0f25090

Follow-up on: Fix integer overflow in CLpc_SynthesisLattice()

original-Change-Id: I8fb194ffc073a3432a380845be71036a272d388f

Fix signed integer overflow in _interpolateDrcGain()

original-Change-Id: I879ec9ab14005069a7c47faf80e8bc6e03d22e60

Fix unsigned integer overflow in FDKreadBits()

original-Change-Id: I1f47a6a8037ff70375aa8844947d5681bb4287ad

Fix unsigned integer overflow in FDKbyteAlign()

original-Change-Id: Id5f3a11a0c9e50fc6f76ed6c572dbd4e9f2af766

Fix unsigned integer overflow in FDK_get32()

original-Change-Id: I9d33b8e97e3d38cbb80629cb859266ca0acdce96

Fix unsigned integer overflow in FDK_pushBack()

original-Change-Id: Ic87f899bc8c6acf7a377a8ca7f3ba74c3a1e1c19

Fix unsigned integer overflow in FDK_pushForward()

original-Change-Id: I3b754382f6776a34be1602e66694ede8e0b8effc

Fix unsigned integer overflow in ReadPsData()

original-Change-Id: I25361664ba8139e32bbbef2ca8c106a606ce9c37

Fix signed integer overflow in E_UTIL_residu()

original-Change-Id: I8c3abd1f437ee869caa8fb5903ce7d3d641b6aad

REVERT: Follow-up on: Integer overflow in CLpc_SynthesisLattice().

original-Change-Id: I3d340099acb0414795c8dfbe6362bc0a8f045f9b

Follow-up on: Fix integer overflow in CLpc_SynthesisLattice()

original-Change-Id: I4aedb8b3a187064e9f4d985175aa55bb99cc7590

Follow-up on: Fix unsigned integer overflow in aacDecoder_drcParse()

original-Change-Id: I2aa2e13916213bf52a67e8b0518e7bf7e57fb37d

Fix integer overflow in acelp

original-Change-Id: Ie6390c136d84055f8b728aefbe4ebef6e029dc77

Fix unsigned integer overflow in aacDecoder_UpdateBitStreamCounters()

original-Change-Id: I391ffd97ddb0b2c184cba76139bfb356a3b4d2e2

Adjust concealment default settings

original-Change-Id: I6a95db935a327c47df348030bcceafcb29f54b21

Saturate estimatedStartPos

original-Change-Id: I27be2085e0ae83ec9501409f65e003f6bcba1ab6

Negative shift exponent in _interpolateDrcGain()

original-Change-Id: I18edb26b26d002aafd5e633d4914960f7a359c29

Negative shift exponent in calculateICC()

original-Change-Id: I3dcd2ae98d2eb70ee0d59750863cbb2a6f4f8aba

Too large shift exponent in FDK_put()

original-Change-Id: Ib7d9aaa434d2d8de4a13b720ca0464b31ca9b671

Too large shift exponent in CalcInvLdData()

original-Change-Id: I43e6e78d4cd12daeb1dcd5d82d1798bdc2550262

Member access within null pointer of type SBR_CHANNEL

original-Change-Id: Idc5e4ea8997810376d2f36bbdf628923b135b097

Member access within null pointer of type CpePersistentData

original-Change-Id: Ib6c91cb0d37882768e5baf63324e429589de0d9d

Member access within null pointer FDKaacEnc_psyMain()

original-Change-Id: I7729b7f4479970531d9dc823abff63ca52e01997

Member access within null pointer FDKaacEnc_GetPnsParam()

original-Change-Id: I9aa3b9f3456ae2e0f7483dbd5b3dde95fc62da39

Member access within null pointer FDKsbrEnc_EnvEncodeFrame()

original-Change-Id: I67936f90ea714e90b3e81bc0dd1472cc713eb23a

Add HCR sanity check

original-Change-Id: I6c1d9732ebcf6af12f50b7641400752f74be39f7

Fix memory issue for HBE edge case with 8:3 SBR

original-Change-Id: I11ea58a61e69fbe8bf75034b640baee3011e63e9

Additional SBR parametrization sanity check for ELD

original-Change-Id: Ie26026fbfe174c2c7b3691f6218b5ce63e322140

Add MPEG-D DRC channel layout check

original-Change-Id: Iea70a74f171b227cce636a9eac4ba662777a2f72

Additional out-of-bounds checks in MPEG-D DRC

original-Change-Id: Ife4a8c3452c6fde8a0a09e941154a39a769777d4

Change-Id: Ic63cb2f628720f54fe9b572b0cb528e2599c624e
2018-04-19 11:21:15 -07:00
Jean-Michel Trivi 117691fe59 Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754 am: fca1027937 am: d8e897ae9e am: 6e15baff97 am: 06c27a9feb am: e6b649a380 am: 902decfc99 am: 77aac03fb6
am: 5a2ae5cc27

Change-Id: Id4cceec7b64a1281bb922b76471f1bad7f283497
2017-11-03 19:36:01 +00:00
Jean-Michel Trivi 06c27a9feb Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754 am: fca1027937 am: d8e897ae9e
am: 6e15baff97

Change-Id: Ic11d63d594dabfb8359d19eb36f9bdcc56abd2ac
2017-11-03 19:19:22 +00:00