Commit graph

536 commits

Author SHA1 Message Date
Ramesh Katuri
0ccd0efbd0 Fix for Segmentation fault in ixheaacd_mps_apply_pre_matrix
Bug: 110649314
Test: run poc
Change-Id: I40f74385499064c0e982608181d98e9e577df84c
2018-10-30 14:56:10 -07:00
Ray Essick
69e7a92ab9 Merge "Fix for OOB write in loudness info set ext" into pi-dev 2018-10-30 21:54:50 +00:00
Ray Essick
86a4367f4c Merge "Fix for OOB write in parsing eq sub band gain vector in drc" into pi-dev 2018-10-30 21:51:39 +00:00
Ramesh Katuri
6bd9129c03 Fix for OOB write in parsing eq sub band gain vector in drc
bounds checking on subband information.

Bug:115908308
Test: vendor
Change-Id: I8cb2684c7f02b287065ef8b0b1a11c7dcf88e6d1
2018-10-29 16:17:55 -07:00
Ramesh Katuri
851d0d122a Fix for stack buffer overflow in drc loudness control
Bug:114749542
Test: vendor
Change-Id: I3b394faf8e6659724ee361fb94ec7d89f60eaf5e
2018-10-29 15:47:53 -07:00
Ray Essick
dbcbdb48e3 Merge "Fix for stack overflow write in drc set pre selection" into pi-dev am: 3ddab42b81
am: e9f01642ae

Change-Id: I290beae7f39906fbab952640efe6d7b48c0a7060
2018-10-29 15:22:18 -07:00
Ray Essick
3ddab42b81 Merge "Fix for stack overflow write in drc set pre selection" into pi-dev 2018-10-29 22:08:57 +00:00
Ray Essick
8c4d76093e Merge "Fix for stack overflow in impd parse equalizer coefficients" into pi-dev am: e99fa1316d
am: a4076520bc

Change-Id: I2994b12f333055c8ddddd9147e36f9c91ac6184a
2018-10-29 14:47:54 -07:00
Ray Essick
1fe53b9203 Merge "Fix for OOB in parse drc config extension" into pi-dev am: 402fce8468
am: 19b90a410d

Change-Id: I58be68b51be085ea38a994094e653fa1c0943c72
2018-10-29 14:39:00 -07:00
Ray Essick
e99fa1316d Merge "Fix for stack overflow in impd parse equalizer coefficients" into pi-dev 2018-10-29 21:28:05 +00:00
Ray Essick
402fce8468 Merge "Fix for OOB in parse drc config extension" into pi-dev 2018-10-29 21:19:30 +00:00
Ramesh Katuri
d3c1212562 Merge "Fix for stack overflow in eq selection in drc module" into pi-dev am: 09cc55d5fa
am: 226f011619

Change-Id: Iccb00e370ec58bafe5d5d162e318b15b31786bb8
2018-10-29 13:58:20 -07:00
TreeHugger Robot
09cc55d5fa Merge "Fix for stack overflow in eq selection in drc module" into pi-dev 2018-10-29 20:43:22 +00:00
Ramesh Katuri
5f8f916bfa Fix for OOB in parsing loud equalizer instruction in drc am: 7e8303bbaa
am: ba8cab6f2d

Change-Id: I77408c0bd6d0d493346c580b05d04642afdf5060
2018-10-29 11:50:37 -07:00
Ramesh Katuri
8e1635aaea Fix for OOB in parse drc config extension
Bug:117100617
Test: vendor
Change-Id: I0e6bcbdfb21f40b9687b2d36366112bc67cee88a
2018-10-27 13:32:43 -07:00
Ramesh Katuri
7e8303bbaa Fix for OOB in parsing loud equalizer instruction in drc
Bug:116117112
Test: vendor
Change-Id: I9d69d07dc36e8874d1784b4cf1f1a0a4fc99cee7
2018-10-27 13:23:13 -07:00
Ramesh Katuri
06296604c8 Fix for OOB write in loudness info set ext
Bug:117099943
Bug: 117100484
Test: Vendor
Change-Id: Id657372bde3b0218108c3d8aa7f9f898cde5b583
2018-10-27 10:38:12 -07:00
Ramesh Katuri
c14b25793c Fix for stack overflow in impd parse equalizer coefficients
Bug:115907334
Test: vendor
Change-Id: I031ba8064d24bec2db3ea68beea713387ea19762
2018-10-27 10:01:23 -07:00
Ramesh Katuri
0c81453dd3 Fix for stack overflow write in drc set pre selection
Bug:114745929
Test: vendor
Change-Id: I3bbb434d61ce1784db60c47fe7154a9931f97820
2018-10-27 09:51:20 -07:00
Ramesh Katuri
c26e43d759 Fix for stack overflow in eq selection in drc module
Bug:114735603
Test: vendor
Change-Id: I83be3dfe1111caa1acd244b0a9ba2a8944c92981
2018-10-27 09:31:58 -07:00
Ramesh Katuri
90c18b01f1 Fix for global buffer overflow in ixheaacd_tns_apply
Bug:117049089
Test: vendor, poc no longer reproduces
Change-Id: I9cdd2030316a9858ad2fb845df5d2848d0c53787
2018-10-22 18:45:39 -07:00
Ramesh Katuri
2b392aa445 Fix for files with unsupported AOT in the first frame
Bug:116474127
Test: vendor
Change-Id: I2e590168792d555f32c2614fe1e4f8f20ba57343
2018-10-20 07:56:24 -07:00
Ramesh Katuri
06100c3f05 Fix for OOB write in parsing drc ext
Validate drc coefficient counts as we parse them from the stream.

Bug: 116224432
Test: vendor
Change-Id: I5a78521b8acfcdc7af96b91e5687d4f02ce49e54
(cherry picked from commit 17825d4a75)
2018-10-20 00:17:25 +00:00
Ramesh Katuri
9349825e6f Fix for crash due to un-initialized variables in drc module
Nested loop used wrong subscript in inner loop, leading to bad
iteration count and haphazard clearing of data structure.

Bug: 113885537
Test: vendor
Change-Id: Ia9cb53205f4e91ee99268202114fc2001eae2de3
(cherry picked from commit 988f5bd17c)
2018-10-20 00:17:23 +00:00
Ramesh Katuri
316b8bbec3 Fix for heap buffer overflow in drc bit stream parsing
Bound values that we parse from the input stream.

Bug: 115375616
Test: vendor
Change-Id: I357d8e19e377fbe5156e5a639ed9ab99cbfeed52
(cherry picked from commit c90eeb6e61)
2018-10-20 00:17:21 +00:00
Ramesh Katuri
ed3339bc46 Fix for OOB loudness eq instruction parsing
Bounds checking on value parsed from input stream.

Bug: 116020594
Test: vendor
Change-Id: I915f36ca27b982c8f1b11a533969e40fbff3b765
(cherry picked from commit cd74db5553)
2018-10-20 00:17:19 +00:00
Ramesh Katuri
dbf5e31aac Fix for OOB write in filter block parsing in drc
Bug: 116467350
Bug: 116469592
Test: vendor
Change-Id: I2f7bff1cec3d0d60e9d43217290392bf4e23d207
(cherry picked from commit 69a69acbc9)
2018-10-20 00:17:18 +00:00
Ramesh Katuri
6741db7ec8 Fix for OOB write in parametric drc instruction parsing
Bug: 116715245
Test: vendor
Change-Id: I24c7ce7cd8c928d53a9914d116de4c6b408cfb09
(cherry picked from commit d735e2e329)
2018-10-20 00:17:16 +00:00
Ramesh Katuri
e2f71f3e86 Fix of OOB write in drc downmix instruction count parsing
Check bounds of parsed value.

Bug: 116619387
Test: vendor
Change-Id: Iada4937f7d99744594a1d457ae1bddefe961ba4f
(cherry picked from commit df1030d8b9)
2018-10-20 00:17:14 +00:00
Ramesh Katuri
7f0108e464 Fix for OOB write in split drc characteristic parsing
added bounds check on values parsed from input stream.

Bug: 116619337
Test: vendor
Change-Id: Ia938ce45cb0503c1ddcbeaa5d036c0f57521a38f
(cherry picked from commit 599ca4428a)
2018-10-20 00:17:12 +00:00
Ramesh Katuri
d004184d5a Fix for OOB write in gain set param's parsing
Check extracted size against array sizing before proceeding.

Bug: 116715937
Test: poc
Change-Id: Ic26b85683342fa5f508b66f4ad71badb06540f17
(cherry picked from commit 90b76d9431)
2018-10-20 00:17:10 +00:00
TreeHugger Robot
4c42442b43 Merge "Fix for OOB read in bit stream parsing in mps module" 2018-10-18 01:10:50 +00:00
Ramesh Katuri
625cc920b8 Fix for OOB read in bit stream parsing in mps module
icc and cld index are calculated using parameters derived
from bit stream. There is no bound check for icc and cld index,
because of which OOB read is happening in mps parsing

After icc and cld index calculation, values are clamped to
avoid OOB read

Bug:112856493
Bug:112858430
Test: poc
Change-Id: I59905926d8a2d1a532bec33e5998a67531a99bd9
2018-10-17 11:26:32 -07:00
TreeHugger Robot
41dbed9a1f Merge "Fix for crash in hf_generator function in lpp_trans" 2018-10-17 01:18:55 +00:00
TreeHugger Robot
33283eef61 Merge "Fix to handle multiple CSD's in a stream" 2018-10-17 01:05:46 +00:00
Ray Essick
9d61745ee4 Clean an array bounds violation.
unchecked bounds on array that was also 1 entry too small.

Bug: 110596152
Test: vendor
Change-Id: Ia6c0ddd342257177323a87af85fb42ba24eb8d11
2018-10-15 17:45:52 -07:00
Ramesh Katuri
6952af9a09 Fix for heap buffer overflow in tns block
In tns, filtering is applied on spectral data. Based on
filter direction filtering is applied either from start of
spectral data or from end of spectral data. In this error
case filter order is coming more than spectral length, because
of which filter input (spectrum) is accessed more than
what is allocated.

Bug:112609715
Bug:112610994
Bug:113108416
Bug:113164693
Bug:113261927
Bug:113262855
Test: vendor
Change-Id: I8b5faf53bdf3e145f442fe2a029b0fffc5189a94
2018-10-11 16:51:32 -07:00
Ramesh Katuri
ed631b4da6 Merge "Fix for OOB write in parsing drc ext" into pi-dev am: 3eaf99dd1d
am: 5f5b0e05a9

Change-Id: Ibc56c5d74393565d28a93fbec240cb0aa15e0d5c
2018-10-08 13:20:55 -07:00
TreeHugger Robot
3eaf99dd1d Merge "Fix for OOB write in parsing drc ext" into pi-dev 2018-10-08 19:59:34 +00:00
TreeHugger Robot
ddd686f4fd Merge "Fix for NPD in manage drc complexity" 2018-10-06 00:15:21 +00:00
Ramesh Katuri
f544a9813a Fix for crash due to un-initialized variables in drc module am: 988f5bd17c
am: fb716d4167

Change-Id: I42dadd51af6155e592ea655e126175263e9b1115
2018-10-05 11:48:25 -07:00
Ramesh Katuri
7fce5ed13c Fix for NPD in manage drc complexity
check pointer returned from impd_select_drc_coeff3() before using it.

Bug: 114749884
Test: vendor
Change-Id: I682c107dee5ae5cddfdb7413854ad3065421fa4a
2018-10-05 10:04:50 -07:00
Ramesh Katuri
8a7b96d6fd Fix to handle multiple CSD's in a stream
header_dec_done flag was set to 1 after decoding the first CSD.
When multiple CSDs are present in a stream this flag should
be reset to 0, after the first CSD is decoded to decode the
next CSD successfully. We have added this fix at two places,
first one is for USAC streams and other is for the rest.

Bug: 113624510
Test: poc
Change-Id: I000807341b8b1e42d42c88685fd9775c98a29fc6
2018-10-04 16:19:55 -07:00
Ramesh Katuri
9706a11e54 Fix for crash in hf_generator function in lpp_trans
Number of envelopes is becoming zero because of erroneous input
stream. Inside SBR start band and stop band are calculated based
on number of envelopes.

In this case end position is becoming zero, which in turn makes
start bands as negative. In sbr processing buffer is accessed
from start to stop band. This is causing OOB read access

Bug:114744962
Test: poc
Change-Id: Ib51fc464d0afc2f5a68d860fcde1b8961fd69d40
2018-10-04 11:23:25 -07:00
Ramesh Katuri
988f5bd17c Fix for crash due to un-initialized variables in drc module
Nested loop used wrong subscript in inner loop, leading to bad
iteration count and haphazard clearing of data structure.

Bug: 113885537
Test: vendor
Change-Id: Ia9cb53205f4e91ee99268202114fc2001eae2de3
2018-10-04 10:59:52 -07:00
Ramesh Katuri
6d56d0914f Fix for heap buffer overflow in read section data
compare parsed values against array dimensions, since fields can hold
larger numbers than the arrays are dimensioned to handle.

Bug: 112611363
Test: poc
Change-Id: I56b1c738cade376a39e8e9c588fc73f9602567f2
2018-10-03 16:54:46 -07:00
Ramesh Katuri
b3c5bcb7bd Merge "Fix for heap buffer overflow in drc bit stream parsing" into pi-dev am: 8630b598a9
am: f635721bc0

Change-Id: Id70277c8ae7e1e558a1a1627a3491e3bc1633442
2018-10-02 20:29:02 -07:00
Ramesh Katuri
52128bb031 Merge "Fix for OOB loudness eq instruction parsing" into pi-dev am: c7c160e98c
am: f3efd5a31b

Change-Id: Ie9a1b0fec5a3e8dffd4de03f1faf99c3157998b1
2018-10-02 20:28:43 -07:00
Ramesh Katuri
a48d66302a Merge "Fix for OOB write in filter block parsing in drc" into pi-dev am: 84b3433dbd
am: cb41b4fd48

Change-Id: Ibf2ba4586af7f898115f78da43e7e3477d5839df
2018-10-02 20:22:29 -07:00
Ramesh Katuri
4f33cab59b Merge "Fix for OOB write in parametric drc instruction parsing" into pi-dev am: a97968adcd
am: ecb0d6f203

Change-Id: Ia7b4153889b2eb9139606f09b544450e30e82d49
2018-10-02 20:21:33 -07:00