fdk-aac

History

Fraunhofer IIS FDK b5dfe8f92d Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels(). In the bug the SBR decoder has already set up 9 channels and tries to allocate one more channel. The assignment of the QMF channels to SBR channels fails since the QMF domain manages only 8+1 channels instead of 10 channels as reqeusted by SBR. Here we have added a check in sbrDecoder_InitElement() which will return with a parse error in case additional SBR channels would exceed the maximum number of SBR channels. This solves the potential heap buffer overflow. Bug: 158762825 Test: atest DecoderTestAacDrc DecoderTestAacFormat DecoderTestXheAac Change-Id: I0150ac6d5a47ffce883010f531928656eebc619e	2020-08-10 19:57:03 +00:00
..
include	Avoid decoder internal clipping by converting the whole audio sample data path from 16 to 32 bit data width (FDKdec v3.2.0).	2020-02-14 10:53:51 -08:00
src	Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels().	2020-08-10 19:57:03 +00:00

Fraunhofer IIS FDK b5dfe8f92d Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels().

In the bug the SBR decoder has already set up 9 channels and tries to
allocate one more channel. The assignment of the QMF channels to SBR
channels fails since the QMF domain manages only 8+1 channels instead
of 10 channels as reqeusted by SBR.
Here we have added a check in sbrDecoder_InitElement() which will
return with a parse error in case additional SBR channels would exceed
the maximum number of SBR channels. This solves the potential heap
buffer overflow.

Bug: 158762825
Test: atest DecoderTestAacDrc DecoderTestAacFormat DecoderTestXheAac
Change-Id: I0150ac6d5a47ffce883010f531928656eebc619e

2020-08-10 19:57:03 +00:00

include

Avoid decoder internal clipping by converting the whole audio sample data path from 16 to 32 bit data width (FDKdec v3.2.0).

2020-02-14 10:53:51 -08:00

src

Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels().

2020-08-10 19:57:03 +00:00