Addition overflow was observed in function ixheaacd_shr32_drc.
After fixing this issue we observed an infinite loop in
ixheaacd_reset_hf_generator(), which is fixed in the current CL.
Bug:118388357
Test: vendor + poc
Change-Id: I95ebac387057e170763e230fc081a2bb57312ebd
p_obj_exhaacplus_dec->aac_config.ui_n_channels and
p_obj_exhaacplus_dec->aac_config.i_channel_mask initialized
to default values in pre config to avoid propagation of
uninitialized values in erroneous cases.
Bug:119798143
Test: poc
Change-Id: I757359818b0dbbf98c94551e4e54ed7e4d7c206a
bs_gain_set_idx is a 6-bit field read from the bitstream, which is used
to access gain_set_index_for_channel_group[], whose size is GAIN_SET_COUNT_MAX,
which is 24. A bs_gain_set_idx value greater than 23 is causing OOB access.
As a fix for this issue, a bound check is added for bs_gain_set_idx.
Bug:119263784
Test: vendor
Change-Id: I26d3668c54a739016c1102158c73db49cb35f1c4
Valgrind has reported usage of uninitialized variables for elements
of structure pstr_core_coder.
As a fix, initialized the structure with memset.
Bug:118492594
Test: vendor
Change-Id: If1ce7f04ae03b58f44b9b551cab2461349e48394
Valgrind has reported usage of an uninitialized variable, interpolate_local,
in ixheaacd_mps_mapindexdata().
As a fix, the interpolate_local variable is initialized to zero.
Bug:118492282
Test: vendor
Change-Id: I741fa634a4f0481b59acbbb88b4cd7a44200bed6
Initialized num_ch to zero and moved num_ch update outside
if (skip_full_decode == 0) condition to avoid propagation
of uninitialized or wrong num_ch for all cases.
Bug:120590841
Test: vendor, poc
Change-Id: I8aca82be8a20689547a2b85f8f3a06700b9927d2
ixheaacd_aac_decoder_init() is called inside ixheaacd_dec_execute().
ixheaacd_aac_decoder_init() will return a NULL pointer in the failure case and
a pointer to the aac decoder structure in the successful case.
After this function, a NULL pointer check before dereferencing is missing,
which is causing a segmentation fault.
As a fix, a NULL pointer check is added.
Bug:118615735
Test: vendor
Change-Id: I0e9a22e0f97dc99c238a026bf0fd693c3e93e4e7
The numbers stored in the table
common_tables_ptr->cc_gain_scale are multiplied with itself,
((-norm_value) - 1) times and stored in ind_channel_info->cc_gain.
Since the number stored in common_tables_ptr->cc_gain_scale
has a q factor of 29, the result is right shifted by 29 to maintain
the same q factor.
Bug:112705155
Test: vendor
Change-Id: I94199d172e4d3ad511dbae3a49d76f8e440fe724
Valgrind has reported use of an uninitialized variable in
ixheaacd_read_block_data, which is caused by an uninitialized
api object.
As a fix, initialized the api object.
Bug:118615735.
Test: vendor
Change-Id: Ib2702eac2c2f659589ce7616a9818913879ff3de
Valgrind had reported use of uninitialized variables, ref_fwd in
ixheaacd_bi_dir_est_lower_scf_cur_frame, in
ixheaacd_process_win_seq due to uninitialized scratch memory and
for p_arr_qmf_buf_real in ixheaacd_sbr_dec.
As a fix, initialized the local variables and all malloc memories.
Bug:118615501
Test: vendor
Change-Id: I37c941aad42cdeadba4663ff1f9959e98a9f6c8a
gain_set_index_for_channel_group[] is an array of size
CHANNEL_GROUP_COUNT_MAX, i.e. 24. This array is accessed using
str_drc_instruction_str->num_drc_ch_groups as index, whose
value can be more than 24.
A bound check is added for str_drc_instruction_str->num_drc_ch_groups
before accessing gain_set_index_for_channel_group[].
Bug:117832864
Test: vendor
Change-Id: I3799c2de6926f1193a5e0193bc3b5863c478d4ab
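
The two bound-check fixes described above (the 6-bit bs_gain_set_idx and the num_drc_ch_groups count, both indexing a 24-entry gain_set_index_for_channel_group[]) follow one pattern, shown here as an added example that is not the decoder's own code. The bit reader, the drc_state struct and both function names are hypothetical; only the field width and the array sizes come from the commit messages.

```c
#include <stddef.h>
#include <stdint.h>

#define GAIN_SET_COUNT_MAX 24      /* size given in the commit message */
#define CHANNEL_GROUP_COUNT_MAX 24 /* size given in the commit message */

/* Hypothetical stand-ins for the decoder's bit reader and DRC state. */
typedef struct { const uint8_t *buf; size_t size_bits, pos_bits; } bit_reader;
typedef struct {
  int gain_set_index_for_channel_group[CHANNEL_GROUP_COUNT_MAX];
  int num_drc_ch_groups;
} drc_state;

/* Read n (<= 32) bits MSB-first; -1 if the buffer would be overrun. */
static int read_bits(bit_reader *br, unsigned n, uint32_t *out) {
  uint32_t v = 0;
  if (n > 32 || br->size_bits - br->pos_bits < n) return -1;
  while (n--) {
    size_t p = br->pos_bits++;
    v = (v << 1) | ((br->buf[p >> 3] >> (7 - (p & 7))) & 1u);
  }
  *out = v;
  return 0;
}

/* Case 1: a 6-bit field can hold 0..63, so it must be range-checked
 * before it indexes a 24-entry array. Returns 0 on success, -1 on reject. */
int set_gain_for_index(drc_state *s, bit_reader *br, int gain_set) {
  uint32_t bs_gain_set_idx;
  if (read_bits(br, 6, &bs_gain_set_idx) != 0) return -1;
  if (bs_gain_set_idx >= GAIN_SET_COUNT_MAX) return -1; /* 24..63 rejected */
  s->gain_set_index_for_channel_group[bs_gain_set_idx] = gain_set;
  return 0;
}

/* Case 2: a running count used as an index must be checked before the
 * write, or the 25th group lands one element past the array. */
int add_channel_group(drc_state *s, int gain_set) {
  if (s->num_drc_ch_groups < 0 ||
      s->num_drc_ch_groups >= CHANNEL_GROUP_COUNT_MAX) return -1;
  s->gain_set_index_for_channel_group[s->num_drc_ch_groups++] = gain_set;
  return 0;
}
```

Both checks compare against the array size with `>=`, so the largest accepted index is 23 in each case.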