Commit graph

294 commits

Author SHA1 Message Date
Ramesh Katuri
d02fcccd4b Fix for addition overflow in voronoi_idx_dec
Added saturation check in ixheaacd_avq_dec.c file.

Bug:126154841
Test: poc
Change-Id: I8fe1e1b194bdde2854bb3b41c2b8b9bf00afc125
2019-03-21 15:28:09 -07:00
TreeHugger Robot
68e7ffa52a Merge "Fixes for integer overflows in ixheaacd_fft.c file." 2019-03-19 04:48:30 +00:00
Ramesh Katuri
b06bd79f1b Fix for Heap buffer overflow in read bit buffer for latm stream
for latm stream other_data_length is read from the bit stream.

For this stream this value is becoming very high, which is beyond
bit buffer boundaries.

As a fix if the value is more than bit buffer size we are returning
fatal error.

Bug:124210105
Test: poc
Change-Id: Id93e5dbdbbd4aab428401da0ea72422d192bcdec
2019-03-16 16:02:47 -07:00
Rajat Kumar
976e950918 Fixes for integer overflows in ixheaacd_fft.c file.
Added addition and subtraction saturation checks
throughout ixheaacd_fft.c file.

Bug:124022940
Bug:124023732
Bug:124024270
Test: poc
Change-Id: Ie9fc7b1b301df968c7ba0b41b4b5532d2a957abd
2019-03-09 08:17:00 -08:00
TreeHugger Robot
eaf820d8f7 Merge "Fix for array out of bound access in multichannel.c file" 2019-03-09 04:32:25 +00:00
TreeHugger Robot
4e1da7999e Merge "Fix integer overflows in ixheaacd_harm_idx_zerotwo and ixheaacd_harm_idx_onethree" 2019-03-08 19:31:46 +00:00
TreeHugger Robot
995c9b52c9 Merge "Fix for OOB write in ixheaacd_real_synth_filt." 2019-03-08 15:01:34 +00:00
TreeHugger Robot
7b0b01f14d Merge "Fix for heap-buffer-overflow in ixheaacd_aac_showbits_32" 2019-03-08 14:57:21 +00:00
Rajat Kumar
a2e013254b Fix for array out of bound access in multichannel.c file
Array common_gain_element_present was accessed with an index of 10,
so a check has been added as fix and error return code handling has
been modified.

Bug:124022181
Test: poc
Change-Id: Ic9be00f6a9cec2df433e7a5f86616da5e98c9e05
2019-03-01 17:56:08 -08:00
TreeHugger Robot
00cd0bb17c Merge "Fix for multiplication overflow in voronoi_idx_dec function" 2019-02-26 00:16:29 +00:00
TreeHugger Robot
34571bd9d3 Merge "Fixes for integer overflow at many places in ixheaacd_qmf_dec.c file" 2019-02-25 20:14:38 +00:00
TreeHugger Robot
5833bdf746 Merge "Fix for out of bound array access in decode hcr_non_pcw function" 2019-02-25 17:46:14 +00:00
Rajat Kumar
63f32daf11 Fixes for integer overflow at many places in ixheaacd_qmf_dec.c file
the operations in the affected routines now use saturation.

Bug: 124022347
Test: vendor+poc
Change-Id: I3a9fcc39e01b576c3661ada4b8a14f90be456b1c
2019-02-24 20:05:49 -08:00
Ray Essick
e5eb426d1a Merge changes from topic "xaac_b112709994"
* changes:
  Fix for global buffer overflow in scale factor process function
  Fix for NPD in ixheaacd_applysbr
2019-02-24 23:55:19 +00:00
Rajat Kumar
31bb626fb3 Fix for multiplication overflow in voronoi_idx_dec function
Multiplication by two is replaced by left shift by one and
saturate to avoid integer overflow.

Bug:124023736
Test: vendor+poc
Change-Id: I2b1ffead5f1c72106550d0b81d0cbd6c71acfde6
2019-02-22 21:17:30 -08:00
Rajat Kumar
076b008bea Fix for out of bound array access in decode hcr_non_pcw function
Bug:123974741
Test: vendor+poc
Change-Id: Icbad136f3bc021fd0f96540cc24215818cf59d79
2019-02-22 19:09:34 -08:00
Tripti Tiwari
9a5461c37d Fix for OOB write in ixheaacd_real_synth_filt.
In erroneous case, qmf_band_idx becomes negative,
causing synth table pointer corruption.

As fix, added bound check on qmf_band_idx.

Bug:118494320
Test: vendor
Change-Id: Ia16a0a879a5621676b7756d80d12f2c761bb020b
2019-02-22 18:51:11 -08:00
Ramesh Katuri
2c9929c4a3 Fix for heap-buffer-overflow in ixheaacd_aac_showbits_32
Better feedback from a bit reading routine, allowing separate offset
adjustments into buffer.

Bug:117610057
Test: vendor+poc
Change-Id: I3031cc50a727987512e2b8979fe14cbe23778245
2019-02-22 18:28:54 -08:00
TreeHugger Robot
468eb7debe Merge "Cleanup memory allocation for DRC buffers" 2019-02-23 01:32:20 +00:00
Pirama Arumuga Nainar
266216e42b Merge "Mark two inline functions as static" am: 624825bb2e am: cc99c427a1
am: 153f44de04

Change-Id: Ib163444b0cbeca4ffc3a79cc94b48d1cd9da18ee
2019-02-20 11:18:20 -08:00
Pirama Arumuga Nainar
153f44de04 Merge "Mark two inline functions as static" am: 624825bb2e
am: cc99c427a1

Change-Id: Ice5ebf305594238aa721abc83df2d6631e741a5a
2019-02-20 10:06:21 -08:00
Pirama Arumuga Nainar
624825bb2e Merge "Mark two inline functions as static" 2019-02-20 16:29:59 +00:00
Pirama Arumuga Nainar
0be5c447de Mark two inline functions as static
Bug: http://b/116873221

Mark ixheaacd_init_sbr_tables and ixheaacd_filt_buf_update as static, so
clang emits an out-of-line definition for it.  This fixes the coverage
build, that builds with O0, where the functions don't get inlined.

As an unrelated cleanup, remove an extra declaration of
ixheaacd_filt_buf_update.

Test: Build with coverage
Change-Id: Ia92f1d73c404193116fa3f269948027c771a43bf
2019-02-19 11:03:06 -08:00
Rajat Kumar
8913b0b126 Fix for global buffer overflow in scale factor process function
Bug: 112709994
Test: vendor
Change-Id: Ic201888327c62374a8fcb2b293ac47cd401fede4
2019-02-08 22:22:41 +00:00
TreeHugger Robot
1deaf88b6e Merge "Fix for invalid memory access in ixheaacd_init_sbr access." 2019-02-08 20:33:18 +00:00
TreeHugger Robot
f986e101ae Merge "Fix for integer overflow in ixheaacd_decode_init()" 2019-02-08 20:29:18 +00:00
TreeHugger Robot
ca93ed6307 Merge "Fix for integer overflow in ixheaacd_cal_fac_data" 2019-02-08 18:44:25 +00:00
TreeHugger Robot
07b0a15be9 Merge "Fix for stack-buffer-overflow in ixheaacd_generate_hf" 2019-02-08 18:43:05 +00:00
Ramesh Katuri
ca454c165e Fix for NPD in ixheaacd_applysbr
Bug:117050164
Test: poc
Change-Id: I4a300f51fd30a30a66fbf795fbdb6c3c8ef682ab
2019-02-08 17:03:05 +00:00
Ramesh Katuri
fe1d70bf7e Cleanup memory allocation for DRC buffers
This fixes un intialized data access in loudness equalizer selection
Memory allocation and distribution inside DRC module was cleaned up.
Memory clean-up changes were done inside the library and in test bench.
Similar changes were done in OMX and C2 plug-in as well.

Bug: 115509210
Test: vendor+poc
Change-Id: I6a2bf5fe6eeecc5d0fec395af020aef8221a5f93
2019-02-04 12:12:13 -08:00
Tripti Tiwari
f86897eaad Fix for integer overflow in ixheaacd_cal_fac_data
Negation overflow occurs in ixheaacd_cal_fac_data.

As fix, added saturation check in absolute value
calculation.

Bug:120250030
Test: vendor
Change-Id: Ie310d9d21fc12fc76135fa7b411572d3673fe871
2019-02-01 11:20:25 -08:00
Rajat Kumar
864279697e Fix for integer overflow's in ixheaacd_voronoi_search
Saturation checks has been added after 32 bit
additions and multiplication to avoid integer
overflows in this CL.

Bug:120252825
Test: poc
Change-Id: Ifec303f477de51c218f8cfeb8a4a8ac3e570fcd5
2019-02-01 10:52:08 -08:00
Tripti Tiwari
00cfd09980 Fix for invalid memory access in ixheaacd_init_sbr access.
In this erroneous case, initial few frames don't have sbr
and later sbr is present, causing invalid memory access.

As a fix, removed the condition over sbr initialization,
allowing it to initialize sbr independent of sbr being
present or not.

Bug:118685461
Bug:120124033
Test: poc
Change-Id: I54810fb8cb20ebeeff6341efbe32f99860aa0a5c
2019-02-01 10:39:02 -08:00
Ramesh Katuri
ad50545546 Fix for stack-buffer-overflow in ixheaacd_generate_hf
Bug:117051619
Test: vendor + poc
Change-Id: Ie7067ed5104a7fabc99ac7bd46516a6be4a5e481
2019-01-31 17:23:34 -08:00
Rajat Kumar
d072fea560 Fix integer overflows in ixheaacd_harm_idx_zerotwo and ixheaacd_harm_idx_onethree
convert several operations to saturating operations.

Bug:123079522
Test: vendor + poc
Change-Id: I56a8c73de96a9d53e17ef3fdba0b69ba37519a25
2019-01-31 16:46:48 -08:00
TreeHugger Robot
4d7d9daad6 Merge "Fix for array bound overflows" 2019-01-28 19:15:34 +00:00
Rajat Kumar
5e84510dff Fix for invalid read of data below stack pointer
eliminate [sp, <negativeconstant> ] references by growing stack appropriately
larger and adjusting all sp-based offsets.

Bug:117660045
Test: vendor
Change-Id: I927a98c3da2dd331bd9205712404941fae5c3f81
(cherry picked from commit de3801a089)
2019-01-23 17:50:40 +00:00
Ray Essick
23770a90e5 Merge "Fix for invalid read of data below stack pointer" 2019-01-23 17:18:54 +00:00
TreeHugger Robot
ae3f833889 Merge "Fix for integer overflow in ixheaacd_voronoi_search" 2019-01-18 01:44:23 +00:00
Tripti Tiwari
1908d24066 Fix for integer overflow in ixheaacd_voronoi_search
Subtraction overflow occurs in ixheaacd_voronoi_search.
As fix, saturation check added.

Bug:120064853
Test: vendor
Change-Id: If8c6c21c4d77d2c60e34db6296e500e448c3ed8b
2019-01-17 16:05:08 -08:00
Ramesh Katuri
7431cc93ad Fix for crash in ixheaacd_filter_and_add
Use saturating math in many places to avoid integer overflow.

Bug: 117048334
Test: vendor
Change-Id: I6ba53797035b812002f85ef67ef0f6a73b650aca
2019-01-17 14:36:09 -08:00
Ray Essick
ac85257e25 Merge "Fix for crash in ixheaacd_rvlc_dec" 2019-01-17 16:58:39 +00:00
TreeHugger Robot
6bf18bef96 Merge "Fix for crash in in ixheaacd_core_coder_data" 2019-01-17 02:31:21 +00:00
TreeHugger Robot
78c8e8d43d Merge "Fix for crash in ixheaacd_voronoi_idx_dec" 2019-01-16 16:10:56 +00:00
TreeHugger Robot
27c3699b3d Merge "Fix for crash in ixheaacd_ga_hdr_dec" 2019-01-15 01:41:39 +00:00
Ramesh Katuri
51a9c02020 Fix for crash in in ixheaacd_core_coder_data
Bug:117047613
Test: vendor
Change-Id: Ia64ca8a0e65bfa41e05cd53e4ebd39c02768edef
2019-01-14 17:24:00 -08:00
Ramesh Katuri
43b2e7c94c Fix for crash in ixheaacd_voronoi_idx_dec
Bug:117047616
Test: vendor + poc
Change-Id: I01fedfe098a3128b4ee965566054e889003e6667
2019-01-14 17:10:34 -08:00
Rajat Kumar
eb58cff832 Fix for array bound overflows
Added bound checks and handled the respective returned
error across source and header files.

Bug:120452956
Test: vendor, poc
Change-Id: I5a9ebf68e7a5d2f41a0112aff113f0b1b8eeba7c
2019-01-11 14:16:39 -08:00
Rajat Kumar
de3801a089 Fix for invalid read of data below stack pointer
eliminate [sp, <negativeconstant> ] references by growing stack appropriately
larger and adjusting all sp-based offsets.

Bug:117660045
Test: vendor
Change-Id: I927a98c3da2dd331bd9205712404941fae5c3f81
2019-01-11 12:31:08 -08:00
Ramesh Katuri
acae580792 Fix for crash in ixheaacd_rvlc_dec
Instead of saving the cnt_bits and later doing the math
(which was causing integer overflow) to restore bit-buffer
values, we are saving the bit-buffer structure at the start
and then restoring it at the end of the function.

Bug:116843194
Test: vendor
Change-Id: I956e36e1b5d7823171d5d04a9058205b69c65be7
2019-01-11 10:40:28 -08:00