Commit graph

47 commits

Author SHA1 Message Date
Rajat Kumar
bcbd383251 Fix to handle missing checks on error returned
Added missing return checks and converted
functions to void which doesn't return anything
other than zero.

Test: Review
Test: atest android.media.cts.DecoderTest
Bug:131183694

Change-Id: Iea7bb9959fffd7a0e4f345f86581a1328e04a38e
Merged-In: Iea7bb9959fffd7a0e4f345f86581a1328e04a38e
2020-09-10 12:48:42 -07:00
Rajat Kumar
57b4f3eac4 Fix for OOB in external libxaac
Codec initialization is done with AOT 2 (AAC-LC profile),
but AOT changes abruptly to 42 (USAC profile) in execution
leading to access of uninitialized tables. Hence Added a
check for mismatch in AOT during initialization and
AOT during execution.

Bug:150400335
Test: poc in bug

Change-Id: I73ca2bf0f963df7982c1a8371a8fc0c2e3c7cd82
2020-03-29 17:16:45 -07:00
Tripti Tiwari
f034dda6d2 Fix for SEGV in ixheaacd_aacdec_decodeframe function.
For erroneous stream, coupling channel initialization memory
was overlapping with SBR scratch memory usage, causing unwanted
reset of the some of the pointers.
All initialization should take place in persistent memory.
As a fix, replaced scratch with persistent memory for initialization.

Bug:145264510
Test:poc in bug

Change-Id: Iaa757d0e87fd3a0b2f75c5288cfe662f556c871f
2020-03-07 15:07:54 -08:00
Rajat Kumar
0d2d1af703 Fix for heap buffer overflow in set sbr persistent buffer
Maximum CC CHANNEL element supported in xaac decoder
is only two, but we are getting more for this
error stream, leading to heap buffer overflow.
Hence a check is added.

Bug:141344322
Test: poc in bug

Change-Id: Ib63b4c74e66d9e37c85153c87341de0601044bec
2019-11-02 06:55:04 -07:00
Rajat Kumar
8d9d3d1d58 Fix for non-handling of fatal error returned during init.
Fatal error returned from previous init call was not handled
during subsequent init calls. This check has been added here.

Bug:140984035
Bug:140988475
Bug:140986175
Test: poc in bug

Change-Id: I37599ba304bbf137b1a590c1fec7e0da236f7308
2019-10-12 16:28:30 -07:00
TreeHugger Robot
7c44e0aac5 Merge "Adding bound checks in USAC config bit stream parsing" 2019-08-27 20:13:53 +00:00
Ramesh Katuri
ce7b4e93ce Fix for correcting #include delimiters
This CL contains changes to make #include delimiters stying
consistent. For all system files inclusion we will use <> and
all user files we will use ""

Bug: 125443111
Test: compilation
Change-Id: Ie5f609b9bef8357877affb7f48d46df7c387d142
2019-08-26 13:35:44 -07:00
Sushanth Patil
e765682ee7 Fix for heap-buffer-overflow in ixheaacd_samples_sat
Output memory size initialised was not sufficient for the
case when audio preroll is 3 and core_sbr_framelength = 4.

Hence, it has been increased to accomodate for the same.

Bug: 136441188
Test: poc in bug

Change-Id: I4e21395f46f4b16c538bf5522b92ad0836ece67f
2019-07-31 14:04:45 -07:00
Ramesh Katuri
5775ff7635 Adding bound checks in USAC config bit stream parsing
These were added based on code review

Bug:130111727
Bug:131212731

Test: poc in bug

Change-Id: Ibe55885956e12ffacc54d809f67c466e20f0eb4d
2019-07-16 15:21:25 -07:00
TreeHugger Robot
fc905bc6c3 Merge "Fix for stack buffer overflow in ixheaacd_esbr_chirp_fac_calc." 2019-07-08 18:46:41 +00:00
Rajat Kumar
f6b2d77787 Fixes to incorporate latest conformance criteria
Bug:128648229
Test: atest android.media.cts.DecoderTestXheAac
Test: atest android.media.cts.DecoderTestAacDrc
Change-Id: Ic85bacc660c91096e29cd0cbe24323f4a6109c9a
2019-07-03 10:23:20 -07:00
Rajat Kumar
e34ec6918e Fix for stack buffer overflow in ixheaacd_esbr_chirp_fac_calc.
We found that error return was not being handled properly
in ixheaacd_applysbr() function. This led to a wrong value
being propagated which led to a stack buffer overflow.

Also, a flag for checking if any previous frames encountered
a fatal error has been added to ensure that further processing
of frames doesn't happen after encountering a fatal error.

Bug:130219994
Bug:131307285
Test: vendor
Change-Id: If7b3887afcb375dda292082438f61d156027b60e
2019-06-11 15:29:57 -07:00
Sushanth Patil
08225b931e Fix for memcpy param overlap in ixheaacd_applysbr
In ixheaacd_applysbr(), down_samp_sbr was coming as 1 during init
and 0 during execute, which lead to a down sampled(smaller array)
being intialised but memcpy at line 633 in ixheaacd_sbrdecoder.c
tried to do it for a non down sampled array(larger array) causing
a memcpy param overlap.
As a fix a check has been added in ixheaacd_dec_execute() for
down_spamp_sbr flag which should be 0 for AOT 42(USAC).

Bug:130273553
Bug:131278612
Test: vendor
Change-Id: Ide3af2da26fdceb8fa51b2e976ff96a0dba9b7a5
2019-06-11 15:19:11 -07:00
Ramesh Katuri
3f43c072c4 Fix for Parametric stereo stream playback issue
The stream used for this issue had parametric stereo switched off
for first few frames and decoder is configured to give mono output.
After few frames even though codec has detected PS content in the stream
channel configuration is not getting updated which caused breaks in
audio.

As a fix we are checking future possibility on PS content in the stream
based on AOT and using that information to update output channel count.

Bug:114329895
Test: vendor
Change-Id: I0faa47ff234b8651e2c42f9e4423fe9bf1c3908c
2019-05-02 11:51:42 -07:00
Ray Essick
360bd4fd75 Merge changes from topic "b124323156"
* changes:
  Initialize all allocated memory blocks to zero
  Update cfi blacklist to include few more assembly functions
  LDR changed to MOV instruction in armv8 and armv7 assemblies
2019-04-02 22:13:05 +00:00
Rajat Kumar
7b43401d30 Initialize all allocated memory blocks to zero
Bug: 124323156
Test: poc
Change-Id: I69b035d1b6bab81244dde319d4fceb3f42837380
2019-03-27 15:49:39 -07:00
Rajat Kumar
b338a5c649 Fix for array and integer overflow in drc related functions
Added init done check before execute calls to avoid access of
uninitialized data.

Bug:126652455
Test: poc
Change-Id: Ia33d05658d3830f27dfe607c4f4e96233c272e20
2019-03-27 13:44:19 -07:00
Ray Essick
e5eb426d1a Merge changes from topic "xaac_b112709994"
* changes:
  Fix for global buffer overflow in scale factor process function
  Fix for NPD in ixheaacd_applysbr
2019-02-24 23:55:19 +00:00
Pirama Arumuga Nainar
266216e42b Merge "Mark two inline functions as static" am: 624825bb2e am: cc99c427a1
am: 153f44de04

Change-Id: Ib163444b0cbeca4ffc3a79cc94b48d1cd9da18ee
2019-02-20 11:18:20 -08:00
Pirama Arumuga Nainar
0be5c447de Mark two inline functions as static
Bug: http://b/116873221

Mark ixheaacd_init_sbr_tables and ixheaacd_filt_buf_update as static, so
clang emits an out-of-line definition for it.  This fixes the coverage
build, that builds with O0, where the functions don't get inlined.

As an unrelated cleanup, remove an extra declaration of
ixheaacd_filt_buf_update.

Test: Build with coverage
Change-Id: Ia92f1d73c404193116fa3f269948027c771a43bf
2019-02-19 11:03:06 -08:00
Rajat Kumar
8913b0b126 Fix for global buffer overflow in scale factor process function
Bug: 112709994
Test: vendor
Change-Id: Ic201888327c62374a8fcb2b293ac47cd401fede4
2019-02-08 22:22:41 +00:00
Ramesh Katuri
ca454c165e Fix for NPD in ixheaacd_applysbr
Bug:117050164
Test: poc
Change-Id: I4a300f51fd30a30a66fbf795fbdb6c3c8ef682ab
2019-02-08 17:03:05 +00:00
Tripti Tiwari
00cfd09980 Fix for invalid memory access in ixheaacd_init_sbr access.
In this erroneous case, initial few frames don't have sbr
and later sbr is present, causing invalid memory access.

As a fix, removed the condition over sbr initialization,
allowing it to initialize sbr independent of sbr being
present or not.

Bug:118685461
Bug:120124033
Test: poc
Change-Id: I54810fb8cb20ebeeff6341efbe32f99860aa0a5c
2019-02-01 10:39:02 -08:00
Rajat Kumar
eb58cff832 Fix for array bound overflows
Added bound checks and handled the respective returned
error across source and header files.

Bug:120452956
Test: vendor, poc
Change-Id: I5a9ebf68e7a5d2f41a0112aff113f0b1b8eeba7c
2019-01-11 14:16:39 -08:00
TreeHugger Robot
2f4e7d8d97 Merge "Fix for integer overflow in xaacdec test bench" 2019-01-07 19:36:31 +00:00
TreeHugger Robot
a0e487a8bd Merge "Fix for few uninitialized accesses" 2019-01-07 19:32:27 +00:00
Ray Essick
7ead99042a Merge "Bit buffer error handling using setjmp and longjmp" 2019-01-04 23:12:23 +00:00
Ramesh Katuri
e862c5ddc5 Fix for uninitialized bit buffer variables
Bug:118355146
Test: vendor
Change-Id: I22c5019989036354360687265c758fd86fa26ddc
2019-01-03 15:46:18 -08:00
Ramesh Katuri
e988b01822 Bit buffer error handling using setjmp and longjmp
Bug: 112552816
Bug: 116774502
Bug: 117531281
Bug: 118145923
Bug: 120124041
Test: vendor
Change-Id: Ib11c82a8cf728c8a0a841b5fc0452daa1a5b37be
2019-01-02 14:08:58 -08:00
Rajat Kumar
1453c9d50a Fix for integer overflow in xaacdec test bench
p_obj_exhaacplus_dec->aac_config.ui_n_channels and
p_obj_exhaacplus_dec->aac_config.i_channel_mask initialized
to default values in pre config to avoid propagation of
uninitialized values in erroneous cases.

Bug:119798143
Test: poc
Change-Id: I757359818b0dbbf98c94551e4e54ed7e4d7c206a
2019-01-02 11:02:39 -08:00
TreeHugger Robot
00e3408f15 Merge "Fix for segmentation fault in ixheaacd_dec_execute" 2018-12-29 00:03:41 +00:00
TreeHugger Robot
c27192a5bb Merge "Fix for use of uninitialized variable in ixheaacd_read_block_data." 2018-12-28 23:11:47 +00:00
Rajat Kumar
ee90aac01b Fix for Heap buffer overflow in main process function
Initialized num_ch to zero and moved num_ch update outside
if (skip_full_decode == 0) condition to avoid propagation
of uninitialized or wrong num_ch for all cases.

Bug:120590841
Test: vendor, poc
Change-Id: I8aca82be8a20689547a2b85f8f3a06700b9927d2
2018-12-28 09:44:41 -08:00
Ramesh Katuri
b17f1b007f Fix for segmentation fault in ixheaacd_dec_execute
ixheaacd_aac_decoder_init() is called inside ixheaacd_dec_execute().
ixheaacd_aac_decoder_init() will return NULL pointer in failure case and
pointer to aac decoder structure in successful case.

After this function NULL pointer check before de-referencing is missing
which is causing segmentation fault.

As a fix NULL pointer check is added

Bug:118615735
Test: vendor
Change-Id: I0e9a22e0f97dc99c238a026bf0fd693c3e93e4e7
2018-12-22 05:58:47 -08:00
Tripti Tiwari
34f516c4c8 Fix for use of uninitialized variable in ixheaacd_read_block_data.
Valgrind has reported use of uninitialized variable in
ixheaacd_read_block_data, which is caused due to uninitialized
api object.

As fix, initialized the api object.

Bug:118615735.
Test: vendor
Change-Id: Ib2702eac2c2f659589ce7616a9818913879ff3de
2018-12-22 05:57:18 -08:00
Tripti Tiwari
71c5edac0b Fix for few uninitialized accesses
Valgrind had reported use of uninitialized variables, ref_fwd in
ixheaacd_bi_dir_est_lower_scf_cur_frame, in
ixheaacd_process_win_seq due to uninitialized scratch memory and
for p_arr_qmf_buf_real in ixheaacd_sbr_dec.

As a fix, initialized the local variables and all malloc memories.

Bug:118615501
Test: vendor
Change-Id: I37c941aad42cdeadba4663ff1f9959e98a9f6c8a
2018-12-22 05:53:38 -08:00
Ramesh Katuri
8a7b96d6fd Fix to handle multiple CSD's in a stream
header_dec_done flag was set to 1 after decoding the first CSD.
When multiple CSDs are present in a stream this flag should
be reset to 0, after the first CSD is decoded to decode the
next CSD successfully. We have added this fix at two places,
first one is for USAC streams and other is for the rest.

Bug: 113624510
Test: poc
Change-Id: I000807341b8b1e42d42c88685fd9775c98a29fc6
2018-10-04 16:19:55 -07:00
Ramesh Katuri
c870c1c056 Fix for un-initialized adts header structure in api
adts header has been initialized to zero

Bug:113035224
Test: poc
Change-Id: I2885a16c8919fd9ce95982899eab90c1896db653
2018-09-18 17:14:32 -07:00
TreeHugger Robot
7bcd685928 Merge "Fix for stack buffer underflow in sbr" 2018-09-12 19:23:35 +00:00
Ramesh Katuri
4b4d251b4a Fix for NPD in case of single coupling channel element.
Reason for crash:
    For the below reported issues input stream has only one
coupling channel element. As per the specification coupling
channel element should be associated with at least one main
channel element.

We have different output buffers for main channel
and coupling channel. In this error case the coupling
channel output buffer is not getting updated because
there is no main channel, so main decode is called with
output buffer pointing to NULL.
This is the reason for all the issues listed below.

Bug:112551721
Bug:112704700
Bug:112706520
Bug:112710190
Bug:112712274
Bug:112717301
Test: re-run poc
Change-Id: Ife593ca4ae21f05555b6a89092ff76b974e28a67
(cherry picked from commit b5597cea85)
2018-09-10 23:19:31 +00:00
Ramesh Katuri
79bcb536d6 Merge "Fix for NPD in case of single coupling channel element." into pi-dev am: 3320901848
am: 9f984c3d53

Change-Id: Ia3ac7fbf6a0775b26d9cf88c0a7c62635701b34b
2018-09-06 12:42:50 -07:00
Ramesh Katuri
b5597cea85 Fix for NPD in case of single coupling channel element.
Reason for crash:
    For the below reported issues input stream has only one
coupling channel element. As per the specification coupling
channel element should be associated with at least one main
channel element.

We have different output buffers for main channel
and coupling channel. In this error case the coupling
channel output buffer is not getting updated because
there is no main channel, so main decode is called with
output buffer pointing to NULL.
This is the reason for all the issues listed below.

Bug:112551721
Bug:112704700
Bug:112706520
Bug:112710190
Bug:112712274
Bug:112717301
Test: re-run poc
Change-Id: Ife593ca4ae21f05555b6a89092ff76b974e28a67
2018-09-06 09:53:01 -07:00
Ramesh Katuri
ace5ddf259 Fix for crash in aac decode frame
This is an erroneous stream in which element is SCE and
channel config in general audio header is 2.

Added check the handle such erroneous cases

Bug:112705708
Test: re-ran poc
Change-Id: Ia1f057621ae954f6ae53027301cf6f1f6780011b
2018-09-04 11:00:08 -07:00
Ramesh Katuri
69f8d42a89 Fix for stack buffer underflow in sbr
Sbr frame size is not getting updated in all the sbr decoder
calling paths, because of which in one of the paths the number
of samples are passed as 0 to sbr decode call.

Inside the sbr decode call one of the buffer is accessed with
(shifted value of this number of samples - offset),
which is becoming negative in this cause. This negative offset
is causing OOB read access.

Bug:113263695
Test: poc from bug
Change-Id: I8fb5391a6ba9dd4919f8b761de295d02dda685b4
2018-09-04 10:39:04 -07:00
Ramesh Katuri
b3226ce6f8 Formatting changes
Formatting .c and .h files using clang-format
Formatting .s files

Bug: 80493357
Test: compare object sizes
Change-Id: I38296083c9d2d566a6a2564db2e391e4b2bd43a9
2018-06-07 16:52:19 -07:00
Ray Essick
4908247643 Sanitization fixes from new CTS tests
Updates from vendor to remedy issues exposed by new CTS tests

Bug: 77287124
Test: CTS DecoderTest, DecoderTest{AacDrc,XheAac}

@ Sanitizer fixes in libxaac

Fixes few integer overflow sanitizer errors
Progagate few errors
ENABLE_DRC macro is removed
AMMENDMENT1 macro is removed

Change-Id: Ic61163dfd6318bd4a00ed45e1295c819cb0f637b

@ Add support for audio pre-roll and DRC effect type

Also includes the following
MPEG-D DRC parameters related changes
USAC config switch changes
SBR config switch changes

Bug: 80133175
Change-Id: I0ab25641768cf523b66f7b0fcb4137429c1c4a77

@ Fixed trailing spaces

Change-Id: I32de0c9d3f7237e1fbf8dfef1cac485ef8458173

@ Replaced tabs

Change-Id: Ic741ee13d7b978b37edc27d087903caaa40b8d90
2018-05-25 11:35:52 -07:00
Ray Essick
51aa06e124 Bring xHE-AAC into pi-dev branch
bring the multi-commit integration from master to pi-dev

libxaac multi-arch cleanup

Change-Id: Ibcefa14f439e75f48a54955c9abf1a06c418e41e
Change-Id: Ia7a9b1e4de0add847c136f6f545b81dc8087521d
Change-Id: I12c3f8414dc9971017de223e88f292f8982a5c9b

Fix dependency error in Android.bp
Change-Id: Ic54f688736b3f2a70172676e4cee22aea4cbd705

Localized Android.bp
Change-Id: I68c4fc24fca279104c8ce2129fd4a3ed8d116b9b

Import xHE-AAC decoder from Ittiam
Change-Id: I3c8d124033f967b29d6e384cce5c843ee17a7bb1

Bug: 77287124
Test: build, cts DecoderTest
2018-05-17 14:36:48 -07:00