These changes handle the Undefined-shift runtime error
reported because the value of read word was being shifted
by a value greater than 31.
Bug: ossFuzz:61676, 61679
Test: poc in bug
Added missing return checks and converted
functions to void which doesn't return anything
other than zero.
Test: Review
Test: atest android.media.cts.DecoderTest
Bug:131183694
Change-Id: Iea7bb9959fffd7a0e4f345f86581a1328e04a38e
This CL contains changes to make #include delimiters stying
consistent. For all system files inclusion we will use <> and
all user files we will use ""
Bug: 125443111
Test: compilation
Change-Id: Ie5f609b9bef8357877affb7f48d46df7c387d142
We observed that ptr_read_next in ixheaacd_show_bits_buf()
would go beyond ptr_bit_buf_end in the corner case when
the bitbuffer is exhausted i.e cnt_bits = no_of_bits
case in the current logic of the code.
A different logic has been applied at the corner case in
this patch similar to the one already present in
ixheaacd_read_bits_buf().
Added check to handle the case when both cnt_bits and
no_of_bits come as zero.
Bug: 132050349
Test: poc in bug
Change-Id: I79e1d1e7a4f213c4802e5f7f28a5c419a8d01136
In ixheaacd_arith_decode(), ixheaacd_read_bidireciton()
was being called even when bitbuffer was exhausted which
in turn made cnt_bits and bit_pos more and more negative
which overflowed eventually and resulted in heap buffer
overlow. We also observed the variable "cumulative"
value to be zero even after reaching the end of bitbuffer
and this in turn lead to an infinte for loop
"for (lev = esc_nb = 0;;)" in ixheaacd_arth_decoding_level2()
as "cumulative" value would not be updated after reaching
end of bitbuffer.
As a fix , we return whenever "cumulative" value remains
zero even after bitbuffer is exhausted.
And this patch adds a check for (cnt_bits < 0) in
ixheaacd_bitbuffer.c and removes bitbuffer wrap around
in ixheaacd_read_bidirection().
Added cnt_bits > 25 check in ixheaacd_read_bits_buf() &
ixheaacd_show_bits_buf() as these functions cannot handle
read of more than 25 bits at a time.
Bug:123976878
Test: poc
Change-Id: I4ec729fddb859ddd0add0045532e20fbfffd2e5c
Better feedback from a bit reading routine, allowing separate offset
adjustments into buffer.
Bug:117610057
Test: vendor+poc
Change-Id: I3031cc50a727987512e2b8979fe14cbe23778245
For this stream, input size is very high that causes
huffman decoding to access beyond bit-buffer pointer
end limit due to no OOB access check. As a fix,added
this check in the bit read functionality.
Bug:112611181
Bug:113508101
Test: poc before/after
Change-Id: I4b7cc9624a388e8a20c7d4b11998dfed9c90d3f6
Clean copy of version XHEAAC_V1_36 as delivered 2018/4/13
Sole change is to map cr/lf line termination to unix lf.
Added appropriate LICENSE, MODULE_LICENSE_APACHE2, and NOTICE files
as part of folding into internal master.
Bug: 77287124
Test: CTS audio/media
Change-Id: I3c8d124033f967b29d6e384cce5c843ee17a7bb1
