These changes fix the Heap-buffer-overflow in Codec__decodeXAACStream runtime error
caused due to unsupported frame length type configuration for LATM streams.
Bug: ossFuzz:67767
Test: poc in bug
These changes handle the Heap-buffer-overflow WRITE 8 runtime error reported
due to unsupported channel configuration for USAC.
Bug: ossFuzz:64960
Test: poc in bug
Audio Object type(AOT) should be same across init and
execute calls. This check was missing when AOT is
not SBR and PS and hence added as fix for this bug.
For AOTs, SBR and PS since this value is re-read at
a later point, check already present would be fine.
Bug: 196308693
Test: poc in bug
Added check for AOT(read from bit stream) mismatch,
between two consecutive execute calls while decoding
LATM header.
Bug: 168429291
Test: poc in bug
Change-Id: I64b3e38c97499b1103c9cc5594742b804e0a3965
Header decode is done with AOT 2 (AAC-LC profile),
but due to corrupted nature of input file AOT is read
as 42 (USAC profile) after few memory/table initializations.
As fix, modified the check to prevent an attempt
to change AOT in mid file.
Bug: 160389683
Test: poc in bug
Change-Id: Id95aa74b0833321b29b602d97b14c5a5580ef7fc
Codec initialization is done with AOT 2 (AAC-LC profile),
but AOT changes abruptly to 42 (USAC profile) in execution
leading to access of uninitialized tables. Hence Added a
check for mismatch in AOT during initialization and
AOT during execution.
Bug:150400335
Test: poc in bug
Change-Id: I73ca2bf0f963df7982c1a8371a8fc0c2e3c7cd82
During bitbuffer search for sync word, the buffer is incremented each
time in the loop. However, in the second initialization, this size
is not taken care of.
As a fix, reduced the size appropriately in the second init.
Bug:145727847
Test:poc in bug
Change-Id: Id1079d2feeba6841675562e0e1f7b7983acd1b35
This CL contains changes to make #include delimiters stying
consistent. For all system files inclusion we will use <> and
all user files we will use ""
Bug: 125443111
Test: compilation
Change-Id: Ie5f609b9bef8357877affb7f48d46df7c387d142
Decode init fatal error was not handled at upper level in
ixheaacd_common_lpfuncs.c. Hence, corresponding check has
been added.
Bug:126154782
Test: poc
Change-Id: I5332f5fd0260110f426cfe176e6d64f5989cfb08
Added bound checks and handled the respective returned
error across source and header files.
Bug:120452956
Test: vendor, poc
Change-Id: I5a9ebf68e7a5d2f41a0112aff113f0b1b8eeba7c
Sampling frequency of the input stream is read from the bit stream.
As per spec there are 30 standard sampling frequencies.Sampling frequency
index which is a 5 bit filed read from the bit stream. If the input
stream has sampling frequency other than this 30 then sampling index
from the bit stream will be 0x1f. If the sampling frequency index is 0x1f
then sampling frequency is directly read from the bit stream (24 bit).
Even though sampling frequency can be any value between ( 0 and 2^24-1)
as per usac specification this free sampling frequency has to be clamped.
We implemented that clamping as part of this CL.
Bug:117047049
Test: poc + vendor
Change-Id: I5793139521563e5efd03c8ed9cf5aeda0792bef2
Input stream contains an erroneous PCE. While parsing
PCE error code was not handled properly,because of this
number of channels are updated with wrong value.
Internal buffers are accessed using number of channels
as array index,because of wrong number of channels
NULL pointer is getting deferred
Bug: 112715634
Test: poc
Change-Id: I3e3d30fed737d62f52f2757b547fe26f1c9c06da
Number of elements allowed in usac profile are 16. Erroneous input
stream in this use case has 63336 elements.We have an error
check for this max number of elements while parsing the decoder
configuration.This returned error code was not handled properly.
Maximum 16 config elements can be used while codec creation,because
of number of elements values is coming as 63336, during
creation time OOB read is happening.
Bug:112766520
Bug:112857468
Bug:112913145
Bug:112918261
Test: re-ran poc
Change-Id: If9413546371f72a6896f5c7e7d22a314e484cf76
Code was modified to handle both fatal and nonfatal errors.
Initially non fatal errors from general audio header decode
were ignored because of which there is segmentation fault
occurring while accessing channel info during execute call
Bug:112552509
Test: poc
Change-Id: I39bc9513ed9e408bc43d9e3746d221852f2aa4f9
Test: CTS android.media.cts.DecoderTest
Formatting changes in test folder
Bug: 80493357
Change-Id: Iaa9521521b2278b78ba789d026360a8b2eb9b54c
Changes based on the received review comments
Bug: 109679313
Change-Id: I9cd35ab4fb131f12a8970e772f464d44519496b9
Test: CTS android.media.cts.DecoderTest{AacDrc,XheAac}
Added __ARM_NEON__ check to generic function selector
Bug: 80432407
Change-Id: I66c7879fda1369da88ccaea5f8792ea54657cdaf
Added support to build for mips
Bug: 80432286
Change-Id: I908029bbaddd3c1fbc39be1192926b56d981576e
Add optimized versions for qmf_dec for armv7 and armv8
Separating common functions and platform specific functions
in ixheaacd_qmf_dec.c. Platform specific functions are moved
to qmf_dec in armv7, armv8 and generic folder.
Bug: 80431870
Change-Id: I860cb79a1870e228d2108b7915418e1c003cefc5
Fixes for crashes reported by Fuzzer tool
Bug: 109697676
Change-Id: I862fc054b99ee9d427d20596bc8d2e85522a7188
Updates from vendor to remedy issues exposed by new CTS tests
Bug: 77287124
Test: CTS DecoderTest, DecoderTest{AacDrc,XheAac}
@ Sanitizer fixes in libxaac
Fixes few integer overflow sanitizer errors
Progagate few errors
ENABLE_DRC macro is removed
AMMENDMENT1 macro is removed
Change-Id: Ic61163dfd6318bd4a00ed45e1295c819cb0f637b
@ Add support for audio pre-roll and DRC effect type
Also includes the following
MPEG-D DRC parameters related changes
USAC config switch changes
SBR config switch changes
Bug: 80133175
Change-Id: I0ab25641768cf523b66f7b0fcb4137429c1c4a77
@ Fixed trailing spaces
Change-Id: I32de0c9d3f7237e1fbf8dfef1cac485ef8458173
@ Replaced tabs
Change-Id: Ic741ee13d7b978b37edc27d087903caaa40b8d90
