Merge "Fix for array bound overflows"

TreeHugger Robot 2019-01-28 19:15:34 +00:00 committed by Android (Google) Code Review
commit 4d7d9daad6
12 changed files with 64 additions and 42 deletions


@ -21,6 +21,7 @@
#define IXHEAACD_AAC_ROM_H
#define AAC_NF_NO_RANDOM_VAL 512
#define MAX_CB_SIZE 13
typedef struct {
WORD32 ixheaacd_pow_table_Q13[129];
@ -153,8 +154,8 @@ typedef struct {
WORD16 sfb_long_table[52];
WORD16 sfb_short_table[16];
UWORD16 *code_book[13];
UWORD32 *index_table[13];
UWORD16 *code_book[MAX_CB_SIZE];
UWORD32 *index_table[MAX_CB_SIZE];
WORD8 *scale_fac_bands_512[16];
WORD8 *scale_fac_bands_480[16];


@ -1460,7 +1460,7 @@ IA_ERRORCODE ixheaacd_dec_init(
p_obj_exhaacplus_dec, inbuffer, outbuffer, &out_bytes,
frames_done, pcm_size,
&p_obj_exhaacplus_dec->p_state_aac->num_of_output_ch);
if (error_code == -1) return error_code;
if (error_code) return error_code;
p_obj_exhaacplus_dec->p_state_aac->frame_counter++;
} else {
out_bytes = 0;


@ -31,8 +31,8 @@
extern const WORD32 ixheaacd_factorial_7[8];
extern const WORD32 ixheaacd_iso_code_index_table[LEN_ABS_LEADER];
extern const UWORD8 ixheaacd_iso_code_data_table[LEN_ABS_LEADER];
extern const UWORD32 ixheaacd_signed_leader_is[LEN_ABS_LEADER];
extern const UWORD8 ixheaacd_iso_code_data_table[LEN_SIGN_LEADER];
extern const UWORD32 ixheaacd_signed_leader_is[LEN_SIGN_LEADER];
extern const WORD32 ixheaacd_iso_code_num_table[],
ixheaacd_pos_abs_leaders_a3[], ixheaacd_pos_abs_leaders_a4[];
extern const UWORD8 ixheaacd_absolute_leader_tab_da[][8];


@ -20,6 +20,7 @@
#include <string.h>
#include "ixheaacd_sbr_common.h"
#include <ixheaacd_type_def.h>
#include "ixheaacd_error_standards.h"
#include "ixheaacd_constants.h"
#include <ixheaacd_basic_ops32.h>
@ -377,9 +378,10 @@ VOID ixheaacd_add_arr(WORD16 *ptr1, WORD16 *ptr2, WORD32 num) {
}
}
VOID ixheaacd_calc_noise_floor(ia_sbr_header_data_struct *ptr_header_data,
ia_sbr_frame_info_data_struct *ptr_sbr_data,
ia_sbr_prev_frame_data_struct *ptr_prev_data) {
IA_ERRORCODE ixheaacd_calc_noise_floor(
ia_sbr_header_data_struct *ptr_header_data,
ia_sbr_frame_info_data_struct *ptr_sbr_data,
ia_sbr_prev_frame_data_struct *ptr_prev_data) {
WORD32 i;
WORD32 num_nf_bands;
WORD32 num_noise_env;
@ -424,6 +426,8 @@ VOID ixheaacd_calc_noise_floor(ia_sbr_header_data_struct *ptr_header_data,
ixheaacd_limit_noise_floor_fac(ptr_header_data, ptr_sbr_data);
ixheaacd_drc_offset = num_nf_bands * (num_noise_env - 1);
if (ixheaacd_drc_offset < 0 || ixheaacd_drc_offset >= MAX_NUM_NOISE_VALUES)
return IA_FATAL_ERROR;
ptr1 = &ptr_sbr_data->int_noise_floor[ixheaacd_drc_offset];
ptr2 = ptr_prev_noise_floor;
@ -443,13 +447,16 @@ VOID ixheaacd_calc_noise_floor(ia_sbr_header_data_struct *ptr_header_data,
*ptr_noise_floor++ = (WORD16)(0x4000 + (noise_floor_exp & MASK_FOR_EXP));
}
}
return IA_NO_ERROR;
}
VOID ixheaacd_dec_sbrdata_for_pvc(
IA_ERRORCODE ixheaacd_dec_sbrdata_for_pvc(
ia_sbr_header_data_struct *ptr_header_data,
ia_sbr_frame_info_data_struct *ptr_sbr_data,
ia_sbr_prev_frame_data_struct *ptr_prev_data) {
ixheaacd_calc_noise_floor(ptr_header_data, ptr_sbr_data, ptr_prev_data);
WORD32 err = 0;
err = ixheaacd_calc_noise_floor(ptr_header_data, ptr_sbr_data, ptr_prev_data);
if (err) return err;
if (!ptr_sbr_data->coupling_mode) {
ptr_sbr_data->num_noise_sfac =
@ -458,6 +465,7 @@ VOID ixheaacd_dec_sbrdata_for_pvc(
ixheaacd_dequant_pvc_env_data(ptr_sbr_data->num_noise_sfac,
ptr_sbr_data->flt_noise_floor);
}
return IA_NO_ERROR;
}
VOID ixheaacd_sbr_env_dequant_coup_fix(
@ -589,8 +597,10 @@ WORD32 ixheaacd_dec_sbrdata(ia_sbr_header_data_struct *ptr_header_data_ch_0,
if (err) return err;
ixheaacd_calc_noise_floor(ptr_header_data_ch_0, ptr_sbr_data_ch_0,
ptr_prev_data_ch_0);
err = ixheaacd_calc_noise_floor(ptr_header_data_ch_0, ptr_sbr_data_ch_0,
ptr_prev_data_ch_0);
if (err == (WORD32)IA_FATAL_ERROR) return (WORD32)IA_FATAL_ERROR;
if (!ptr_sbr_data_ch_0->coupling_mode && usac_flag) {
ptr_sbr_data_ch_0->num_noise_sfac =
@ -611,8 +621,10 @@ WORD32 ixheaacd_dec_sbrdata(ia_sbr_header_data_struct *ptr_header_data_ch_0,
if (err) return err;
ixheaacd_calc_noise_floor(ptr_header_data_ch_1, ptr_sbr_data_ch_1,
ptr_prev_data_ch_1);
err = ixheaacd_calc_noise_floor(ptr_header_data_ch_1, ptr_sbr_data_ch_1,
ptr_prev_data_ch_1);
if (err) return err;
if (!ptr_sbr_data_ch_1->coupling_mode && usac_flag) {
ptr_sbr_data_ch_1->num_noise_sfac =
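Review bot: The new range check in ixheaacd_calc_noise_floor validates only the starting index `ixheaacd_drc_offset`, so a value just below MAX_NUM_NOISE_VALUES passes even though `ptr1` is then used as the start of a run of noise-floor values. The code that consumes `ptr1` is outside the hunk; if it reads `num_nf_bands` elements and int_noise_floor holds MAX_NUM_NOISE_VALUES entries, the guard should cover the whole span, e.g. `if (ixheaacd_drc_offset < 0 || ixheaacd_drc_offset > MAX_NUM_NOISE_VALUES - num_nf_bands) return IA_FATAL_ERROR;`. Separately, ixheaacd_dec_sbrdata tests the result with `err == (WORD32)IA_FATAL_ERROR` for channel 0 but with `if (err)` for channel 1; using `if (err) return err;` in both places keeps the two paths identical if further error codes are added later.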


@ -28,9 +28,10 @@ WORD32 ixheaacd_dec_sbrdata(ia_sbr_header_data_struct *ptr_header_data_ch_0,
ia_sbr_prev_frame_data_struct *ptr_prev_data_ch_1,
ixheaacd_misc_tables *ptr_common_tables);
VOID ixheaacd_dec_sbrdata_for_pvc(ia_sbr_header_data_struct *ptr_header_data,
ia_sbr_frame_info_data_struct *ptr_sbr_data,
ia_sbr_prev_frame_data_struct *ptr_prev_data);
IA_ERRORCODE ixheaacd_dec_sbrdata_for_pvc(
ia_sbr_header_data_struct *ptr_header_data,
ia_sbr_frame_info_data_struct *ptr_sbr_data,
ia_sbr_prev_frame_data_struct *ptr_prev_data);
VOID ixheaacd_harm_idx_onethreelp(WORD32 *ptr_real_buf, WORD16 *ptr_gain_buf,
WORD scale_change, WORD16 *ptr_sine_level_buf,


@ -22,7 +22,7 @@
#include <string.h>
#include <ixheaacd_type_def.h>
#include "ixheaacd_error_standards.h"
#include "ixheaacd_sbr_const.h"
#include "ixheaacd_sbrdecsettings.h"
#include "ixheaacd_bitbuffer.h"
@ -569,6 +569,8 @@ WORD32 ixheaacd_sbr_env_calc(ia_sbr_frame_info_data_struct *frame_data,
}
for (i = 0; i < bs_num_env; i++) {
if (kk > MAX_NOISE_ENVELOPES) return IA_FATAL_ERROR;
if (p_frame_info->border_vec[i] == p_frame_info->noise_border_vec[kk])
kk++, next++;
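Review bot: The guard `if (kk > MAX_NOISE_ENVELOPES)` in ixheaacd_sbr_env_calc still lets `kk == MAX_NOISE_ENVELOPES` index `noise_border_vec[kk]` on the next line, which is in bounds only if that array is declared with MAX_NOISE_ENVELOPES + 1 elements. The declaration is not part of this hunk, so either confirm it and record it in a comment such as `/* noise_border_vec has MAX_NOISE_ENVELOPES + 1 entries */`, or tighten the test to `kk >= MAX_NOISE_ENVELOPES`. The loop body continues past the hunk, so any other array indexed by `kk` there needs the same bound.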


@ -57,5 +57,5 @@ extern const FLOAT32 ixheaacd_analy_cos_sin_table_kl_16[16 * 16 * 2];
extern const FLOAT32 ixheaacd_analy_cos_sin_table_kl_24[24 * 24 * 2];
extern const FLOAT32 ixheaacd_analy_cos_sin_table_kl_32[32 * 32 * 2];
extern const FLOAT32 ixheaacd_analy_cos_sin_table_kl_40[40 * 80 * 2];
extern const FLOAT32 ixheaacd_sel_case[4][8];
extern const FLOAT32 ixheaacd_sel_case[5][8];
#endif


@ -19,6 +19,7 @@
*/
#include <stdlib.h>
#include <ixheaacd_type_def.h>
#include "ixheaacd_error_standards.h"
#include "ixheaacd_constants.h"
#include <ixheaacd_basic_ops32.h>
#include <ixheaacd_basic_ops16.h>
@ -1045,6 +1046,8 @@ WORD32 ixheaacd_aac_headerdecode(
return result;
} else if (result == -1)
return -1;
else if (result == (WORD32)IA_FATAL_ERROR)
return IA_FATAL_ERROR;
else
bytes_taken += *bytes_consumed - 1;
continue;
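Review bot: Only `IA_FATAL_ERROR` is propagated by the added branch in ixheaacd_aac_headerdecode; any other `result` that is neither `-1` nor caught by the branch above the hunk still reaches the final `else`, advances `bytes_taken` and continues parsing. The start of this if/else chain is outside the hunk, so this may be intended for recoverable sync errors, but a comment stating which result values are expected to reach the `else` would make that explicit. The chain also mixes the literal `-1` with the named `IA_FATAL_ERROR`; a named constant for the `-1` case would read more clearly.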


@ -1095,8 +1095,6 @@ static VOID ixheaacd_decode_pcw(ia_bit_buf_struct *itt_bit_buff,
WORD32 num_decoded_bits;
const UWORD8 *ptr_cb_dimension_tbl =
ptr_hcr_info->table_info.ptr_cb_dimension_tbl;
const UWORD16 *cb_table;
const UWORD32 *idx_table;
WORD32 read_word = ixheaacd_aac_showbits_32(itt_bit_buff->ptr_read_next);
WORD32 read_bits = itt_bit_buff->cnt_bits;
@ -1107,8 +1105,8 @@ static VOID ixheaacd_decode_pcw(ia_bit_buf_struct *itt_bit_buff,
ptr_num_ext_sorted_sect_in_sets[num_ext_sorted_sect_in_sets_idx];
ext_sort_sec != 0; ext_sort_sec--) {
codebook = ptr_ext_sorted_cw[ext_sorted_cw_idx];
cb_table = (UWORD16 *)(ptr_aac_tables->code_book[codebook]);
idx_table = (UWORD32 *)(ptr_aac_tables->index_table[codebook]);
if (codebook <= 0) return;
ext_sorted_cw_idx++;
if (ext_sorted_cw_idx >= (MAX_SFB_HCR + MAX_HCR_SETS)) {
return;
@ -1123,6 +1121,8 @@ static VOID ixheaacd_decode_pcw(ia_bit_buf_struct *itt_bit_buff,
if (codebook <= 4) {
WORD32 tbl_sign = 0;
const UWORD16 *cb_table = (UWORD16 *)(ptr_aac_tables->code_book[codebook]);
const UWORD32 *idx_table = (UWORD32 *)(ptr_aac_tables->index_table[codebook]);
if (codebook > 2) {
tbl_sign = 1;
@ -1158,6 +1158,8 @@ static VOID ixheaacd_decode_pcw(ia_bit_buf_struct *itt_bit_buff,
{
WORD32 tbl_sign = 0;
WORD32 huff_mode = 9;
const UWORD16 *cb_table = (UWORD16 *)(ptr_aac_tables->code_book[codebook]);
const UWORD32 *idx_table = (UWORD32 *)(ptr_aac_tables->index_table[codebook]);
num_decoded_bits = 0;
if (codebook > 6) {
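Review bot: The added `if (codebook <= 0) return;` in ixheaacd_decode_pcw rejects only the lower end, while `code_book[codebook]` and `index_table[codebook]` are arrays of MAX_CB_SIZE entries according to the header change in this commit. The first lookup sits under `codebook <= 4`, but the condition guarding the second block is outside the hunk; unless it already bounds `codebook`, the guard should read `if (codebook <= 0 || codebook >= MAX_CB_SIZE) return;`. Because the function is `static VOID`, this early return is also silent to the caller, unlike the IA_FATAL_ERROR paths added elsewhere in the commit, so a comment noting that the silent drop is deliberate would help.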


@ -97,7 +97,7 @@ VOID ixheaacd_allocate_sbr_scr(ia_sbr_scr_struct *sbr_scratch_struct,
WORD total_elements, WORD ch_fac,
WORD32 object_type);
WORD16 ixheaacd_applysbr(
IA_ERRORCODE ixheaacd_applysbr(
ia_handle_sbr_dec_inst_struct self,
ia_aac_dec_sbr_bitstream_struct *p_sbr_bit_stream, WORD16 *core_sample_buf,
WORD16 *codec_num_channels, FLAG frame_status, FLAG down_samp_flag,
@ -105,11 +105,12 @@ WORD16 ixheaacd_applysbr(
WORD32 ch_fac, WORD32 slot_element, ia_bit_buf_struct *it_bit_buff,
ia_drc_dec_struct *pstr_drc_dec, WORD eld_sbr_flag, WORD32 object_type);
WORD16 ixheaacd_esbr_process(ia_usac_data_struct *usac_data,
ia_bit_buf_struct *it_bit_buff,
WORD32 stereo_config_idx, WORD16 num_channels,
WORD32 audio_object_type) {
WORD16 err_code = 0;
IA_ERRORCODE ixheaacd_esbr_process(ia_usac_data_struct *usac_data,
ia_bit_buf_struct *it_bit_buff,
WORD32 stereo_config_idx,
WORD16 num_channels,
WORD32 audio_object_type) {
WORD32 err_code = 0;
ia_aac_dec_sbr_bitstream_struct *esbr_bit_str = &usac_data->esbr_bit_str[0];
ia_handle_sbr_dec_inst_struct self = usac_data->pstr_esbr_dec;
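Review bot: The prototype of ixheaacd_applysbr is re-declared in this file and appears again in the header section changed later in this commit, so the WORD16 to IA_ERRORCODE change had to be made by hand in each copy. A stale copy would not be diagnosed by the compiler when the definition lives in another translation unit, so including the declaring header here instead of repeating the prototype is safer. In ixheaacd_esbr_process, `err_code` is declared `WORD32` while the function returns `IA_ERRORCODE`; `IA_ERRORCODE err_code = IA_NO_ERROR;` would match the signature. The function body continues past the hunk.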


@ -238,16 +238,14 @@ WORD32 ixheaacd_prepare_upsamp(ia_sbr_header_data_struct **ptr_header_data,
return err;
}
WORD16 ixheaacd_applysbr(ia_handle_sbr_dec_inst_struct self,
ia_aac_dec_sbr_bitstream_struct *p_sbr_bit_stream,
WORD16 *core_sample_buf, WORD16 *codec_num_channels,
FLAG frame_status, FLAG down_samp_flag,
FLAG down_mix_flag,
ia_sbr_scr_struct *sbr_scratch_struct,
WORD32 ps_enable, WORD32 ch_fac, WORD32 slot_element,
ia_bit_buf_struct *it_bit_buff,
ia_drc_dec_struct *pstr_drc_dec, WORD eld_sbr_flag,
WORD32 audio_object_type) {
IA_ERRORCODE ixheaacd_applysbr(
ia_handle_sbr_dec_inst_struct self,
ia_aac_dec_sbr_bitstream_struct *p_sbr_bit_stream, WORD16 *core_sample_buf,
WORD16 *codec_num_channels, FLAG frame_status, FLAG down_samp_flag,
FLAG down_mix_flag, ia_sbr_scr_struct *sbr_scratch_struct, WORD32 ps_enable,
WORD32 ch_fac, WORD32 slot_element, ia_bit_buf_struct *it_bit_buff,
ia_drc_dec_struct *pstr_drc_dec, WORD eld_sbr_flag,
WORD32 audio_object_type) {
WORD32 k;
FLAG prev_ps_flag = 0;
FLAG ps_flag = 0;
@ -564,8 +562,10 @@ WORD16 ixheaacd_applysbr(ia_handle_sbr_dec_inst_struct self,
if (ptr_header_data[0]->sync_state == SBR_ACTIVE) {
if (ptr_frame_data[0]->sbr_mode == PVC_SBR) {
ixheaacd_dec_sbrdata_for_pvc(ptr_header_data[0], ptr_frame_data[0],
pstr_sbr_channel[0]->pstr_prev_frame_data);
err = ixheaacd_dec_sbrdata_for_pvc(
ptr_header_data[0], ptr_frame_data[0],
pstr_sbr_channel[0]->pstr_prev_frame_data);
if (err) return err;
} else if (ptr_frame_data[0]->sbr_mode == ORIG_SBR) {
err = ixheaacd_dec_sbrdata(
ptr_header_data[0], ptr_header_data[1], ptr_frame_data[0],


@ -64,7 +64,7 @@ typedef struct {
VOID *extra_scr_1k[2];
} ia_sbr_scr_struct;
WORD16 ixheaacd_applysbr(
IA_ERRORCODE ixheaacd_applysbr(
ia_handle_sbr_dec_inst_struct self,
ia_aac_dec_sbr_bitstream_struct *p_sbr_bit_stream, WORD16 *core_sample_buf,
WORD16 *codec_num_channels, FLAG frame_status, FLAG down_samp_flag,