* Fix for UBSAN issue observed with libxaac decoder
Significance:
- This change propogates the error returned from ixheaacd_heaac_mps_apply
to ixheaacd_dec_execute.
Testing:
- All previous fuzzer crashes are tested. No crash observed.
- CTS and Conformance for x86, x86_64, armv7 and armv8 are passing.
* Fix for UBSAN issue observed with libxaac Decoder
Significance:
- Comparison is made against IA_NO_ERROR using 'not equal to', instead of checking for equality with IA_FATAL_ERROR
Testing:
- All previous fuzzer crashes are tested. No crash observed.
- CTS and Conformance for x86, x86_64, armv7 and armv8 are passing.
* Loudness leveling support for encoder and decoder
- Addition of loudness leveling support to encoder and
decoder as per ISO/IEC 23003-4:2020/Amd.2:2023(E)
Testing:
Encoder: Smoke-test
Decoder: CTS and Conformance for x86, x86_64, armv7 and armv8 are
passing
* Addressed review comments
* Addressed minor nits in documentation
---------
Co-authored-by: Akshay Ragir <100833@ittiam.com>
Significance:
--------------
- Possibility of accessing uninitialized access to structure members of a local scratch structure uncovered with fuzzer testing.
- The changes in this commit handle such cases.
Bug: ossFuzz:68464
Test: poc in bug
These changes fix the Use-of-uninitialized-value in ixheaacd_aacdec_decodeframe runtime error
caused due to uninitialized structure members of aac scratch structure.
Bug: ossFuzz:68464
Test: poc in bug
Significance:
========
[x] Aligned buffer access for scratch memory and scratch memory optimization.
Testing:
=====
[x] MSVS Conformance and CTS are passing.
[x] All previous fuzzer crashes are tested. No crash observed.
[x] For platforms, Conformance tested with different combinations.
[x] Tested Conformance with gcc builds for x86, x86_64, armv7 and armv8.
[x] Tested Conformance with clang builds with address and memory sanitizer flags for x86_64 and armv8.
These changes handle the nested bug in the same thread, aborting issue
reported by disabling some code checks which are related to EC.
Bug: ossFuzz:62003
Test: poc in bug
AAC Core coder changes to take the output samples as 32 bit
and subject to peak limiter to avoid any clipping , at the
same time maintaining precision.
Bug: 175435457
Test: atest CtsMediaTestCases:DecoderTest
Test: atest CtsMediaTestCases:DecoderTestAacDrc
Test: atest CtsMediaTestCases:DecoderTestXheAac
Test: atest CtsMediaTestCases:DecoderTestAacFormat
Test: atest CtsMediaV2TestCases:CodecDecoderTest
Check configuration data obtained after audio Pre-Roll
parsing against current configuration. Update only when
configurations are different.
Bug: 175435457
Test: atest CtsMediaTestCases:DecoderTest
Test: atest CtsMediaTestCases:DecoderTestAacDrc
Test: atest CtsMediaTestCases:DecoderTestXheAac
Test: atest CtsMediaTestCases:DecoderTestAacFormat
Test: atest CtsMediaV2TestCases:CodecDecoderTest
Added check for AOT(read from bit stream) mismatch,
between two consecutive execute calls while decoding
LATM header.
Bug: 168429291
Test: poc in bug
Change-Id: I64b3e38c97499b1103c9cc5594742b804e0a3965
Codec initialization is done with AOT 2 (AAC-LC profile),
but AOT changes abruptly to 42 (USAC profile) in execution
leading to access of uninitialized tables. Hence Added a
check for mismatch in AOT during initialization and
AOT during execution.
Bug:150400335
Test: poc in bug
Change-Id: I73ca2bf0f963df7982c1a8371a8fc0c2e3c7cd82
For erroneous stream, coupling channel initialization memory
was overlapping with SBR scratch memory usage, causing unwanted
reset of the some of the pointers.
All initialization should take place in persistent memory.
As a fix, replaced scratch with persistent memory for initialization.
Bug:145264510
Test:poc in bug
Change-Id: Iaa757d0e87fd3a0b2f75c5288cfe662f556c871f
Maximum CC CHANNEL element supported in xaac decoder
is only two, but we are getting more for this
error stream, leading to heap buffer overflow.
Hence a check is added.
Bug:141344322
Test: poc in bug
Change-Id: Ib63b4c74e66d9e37c85153c87341de0601044bec
Fatal error returned from previous init call was not handled
during subsequent init calls. This check has been added here.
Bug:140984035
Bug:140988475
Bug:140986175
Test: poc in bug
Change-Id: I37599ba304bbf137b1a590c1fec7e0da236f7308
This CL contains changes to make #include delimiters stying
consistent. For all system files inclusion we will use <> and
all user files we will use ""
Bug: 125443111
Test: compilation
Change-Id: Ie5f609b9bef8357877affb7f48d46df7c387d142
Output memory size initialised was not sufficient for the
case when audio preroll is 3 and core_sbr_framelength = 4.
Hence, it has been increased to accomodate for the same.
Bug: 136441188
Test: poc in bug
Change-Id: I4e21395f46f4b16c538bf5522b92ad0836ece67f
We found that error return was not being handled properly
in ixheaacd_applysbr() function. This led to a wrong value
being propagated which led to a stack buffer overflow.
Also, a flag for checking if any previous frames encountered
a fatal error has been added to ensure that further processing
of frames doesn't happen after encountering a fatal error.
Bug:130219994
Bug:131307285
Test: vendor
Change-Id: If7b3887afcb375dda292082438f61d156027b60e
In ixheaacd_applysbr(), down_samp_sbr was coming as 1 during init
and 0 during execute, which lead to a down sampled(smaller array)
being intialised but memcpy at line 633 in ixheaacd_sbrdecoder.c
tried to do it for a non down sampled array(larger array) causing
a memcpy param overlap.
As a fix a check has been added in ixheaacd_dec_execute() for
down_spamp_sbr flag which should be 0 for AOT 42(USAC).
Bug:130273553
Bug:131278612
Test: vendor
Change-Id: Ide3af2da26fdceb8fa51b2e976ff96a0dba9b7a5
