wrapper/libxaac
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
71 commits 10 branches 13 tags 16 MiB
Commit graph

69 commits

Author SHA1 Message Date
Ramesh Katuri
5f84dbecff Fix for crash due to negative size passed to memcpy 
In DRC, one of the memcpy is called with uninitialized variable as size,
which is resulting a crash during memcpy.

As a fix all the members of structure str_bit_handler are set to zero.

Bug:115780779
Test: vendor
Change-Id: Ib991f7ca6fde9d448b975b4a9fa34234fa54231e
 2018-11-29 12:14:59 -08:00
TreeHugger Robot
657393883b Merge "Fix for Segmentation fault in ixheaacd_sbr_dec_from_mps" into pi-dev 2018-11-28 21:33:31 +00:00
Ramesh Katuri
f81b8d0dbd Fix for Segmentation fault in ixheaacd_sbr_dec_from_mps 
Bug: 110629822
Test: re-run poc
Change-Id: I5495b01d5d0c779185ff04eb8f1c048f353396b2
(cherry picked from commit 70396d6ced)
 2018-11-27 23:22:45 +00:00
Ramesh Katuri
4692bee50b Fix for oobw-in-impd_parse_drc_instructions_uni_drc 
Bug:117883804
Test: vendor
Change-Id: I9512dbc1d184ea838572218df3db9e91574c1460
 2018-11-27 13:58:34 -08:00
Ray Essick
850b4ba6f3 Merge "Fix for OOB write in mpeg-d drc bit stream parsing by adding bound checks" into pi-dev 2018-11-21 17:21:38 +00:00
Ray Essick
1c63dd338e Merge "Fix for OOB write in td filter casecade parsing" into pi-dev 2018-11-20 04:23:25 +00:00
Ray Essick
e0040b411e Merge "Fix for Stack buffer overflow in ixheaacd_mps_getstridemap" into pi-dev 2018-11-16 22:06:08 +00:00
Ray Essick
d498d63513 Merge "Fix for OOB write in equalizer instructions parsing." into pi-dev 2018-11-15 23:03:11 +00:00
Ramesh Katuri
565b25f432 Fix for stack-buffer-underflow in ixheaacd_sbr_env_calc 
Bug:117050162
Test: vendor, poc no longer fails
Change-Id: I1ff8f0ce42ade33c93653edc9e19282b68108b9b
 2018-11-14 18:31:32 -08:00
Ramesh Katuri
c9ecca9cd8 Fix for OOB write in equalizer instructions parsing. 
Bound check was missing for eq_ch_group_count. Added
as fix.

Bug: 117216549
Test: vendor
Change-Id: Ie36446a3604ae1cb2471dad0a938a96f2b7fff64
 2018-11-14 18:01:47 -08:00
Ramesh Katuri
bd5770772f Fix for Stack buffer overflow in ixheaacd_mps_getstridemap 
Bug:117495103
Bug:117495366
Test: vendor + poc
Change-Id: Iff5b9135a8fc1b9ad1f00b6fdbe6a8e20c0a61c4
 2018-11-14 14:56:14 -08:00
Ramesh Katuri
589d21b8a3 Fix for OOB write in mpeg-d drc bit stream parsing by adding bound checks 
Added bound checks for all the parameters which are
derived from bit stream.

Bug:116760188
Bug:116019594
Bug:116114402
Test: vendor
Change-Id: I126cd520e7faf2281ab731da559b11c74a9e30b5
 2018-11-07 00:55:26 +00:00
Ramesh Katuri
ae206c1fa5 Fix for OOB write in td filter casecade parsing 
Add bounds checks for values delivered as N-bits in the bitstream
but that have smaller allowed range in this implementation.

Bug:116617847
Test: vendor
Change-Id: Iad0c020ceacd2226d8e1af688a52a46179a39a2d
 2018-11-06 16:46:03 -08:00
Ramesh Katuri
c992830e35 Fix for segmentation fault in hf generator 
Number of envelopes is becoming zero because of erroneous input
stream.Inside SBR start band and stop band are calculated based
on number of envelope's.

In this case start bands is becoming negative. In sbr processing
buffer is accessed from start to stop band. This is causing OOB
read access

Bug:113037143
Test: poc
Change-Id: Iade10e8cb86676784703e7226b7e132761eb12b1
(cherry picked from commit 4e5b9cb8f6)
 2018-11-02 22:53:22 +00:00
Ray Essick
8fe5da1ed4 Merge changes from topic "b117495362" into pi-dev 
* changes:
  Fix for stack buffer overflow in mps ecdata pair decode
  Fix for OOB read in bit stream parsing in mps module
  Clean an array bounds violation.
  Fix for sanitizer multiplication overflow error
  Fix for Segmentation fault in ixheaacd_mps_apply_pre_matrix
 2018-11-01 22:14:01 +00:00
Ray Essick
6511706b0b Merge "Fix for heap buffer overflow in tns block" into pi-dev 2018-10-30 22:12:07 +00:00
Ramesh Katuri
48b9e0f857 Fix for stack buffer overflow in mps ecdata pair decode 
Bug:116971427
Test: vendor
Change-Id: Icb76f5700651ba701b51fdc626e797f0ae86c2cf
 2018-10-30 14:56:10 -07:00
Ramesh Katuri
639e7a88a5 Fix for OOB read in bit stream parsing in mps module 
icc and cld index are calculated using parameters derived
from bit stream.There is no bound check for icc and cld index,
because of which OOB read is happening in mps parsing

After icc and cld index calculation,values are clamped to
avoid OOB read

Bug:112856493
Bug:112858430
Test: poc
Change-Id: I59905926d8a2d1a532bec33e5998a67531a99bd9
 2018-10-30 14:56:10 -07:00
Ray Essick
97123f8e06 Clean an array bounds violation. 
unchecked bounds on array that was also 1 entry to small.

Bug: 110596152
Test: vendor
Change-Id: Ia6c0ddd342257177323a87af85fb42ba24eb8d11
 2018-10-30 14:56:10 -07:00
Ramesh Katuri
40c1157b52 Fix for sanitizer multiplication overflow error 
Bug: 110596152
Test: re-run POC
Change-Id: I24b01b4ab13987abd028f013262f732cd06e81f8
 2018-10-30 14:56:10 -07:00
Ramesh Katuri
0ccd0efbd0 Fix for Segmentation fault in ixheaacd_mps_apply_pre_matrix 
Bug: 110649314
Test: run poc
Change-Id: I40f74385499064c0e982608181d98e9e577df84c
 2018-10-30 14:56:10 -07:00
Ray Essick
69e7a92ab9 Merge "Fix for OOB write in loudness info set ext" into pi-dev 2018-10-30 21:54:50 +00:00
Ray Essick
86a4367f4c Merge "Fix for OOB write in parsing eq sub band gain vector in drc" into pi-dev 2018-10-30 21:51:39 +00:00
Ramesh Katuri
6bd9129c03 Fix for OOB write in parsing eq sub band gain vector in drc 
bounds checking on subband information.

Bug:115908308
Test: vendor
Change-Id: I8cb2684c7f02b287065ef8b0b1a11c7dcf88e6d1
 2018-10-29 16:17:55 -07:00
Ramesh Katuri
851d0d122a Fix for stack buffer overflow in drc loudness control 
Bug:114749542
Test: vendor
Change-Id: I3b394faf8e6659724ee361fb94ec7d89f60eaf5e
 2018-10-29 15:47:53 -07:00
Ray Essick
3ddab42b81 Merge "Fix for stack over flow write in drc set pre selection" into pi-dev 2018-10-29 22:08:57 +00:00
Ray Essick
e99fa1316d Merge "Fix for stack overflow in impd parse equalizer coefficients" into pi-dev 2018-10-29 21:28:05 +00:00
Ray Essick
402fce8468 Merge "Fix for OOB in parse drc config extension" into pi-dev 2018-10-29 21:19:30 +00:00
TreeHugger Robot
09cc55d5fa Merge "Fix for stack overflow in eq selection in drc module" into pi-dev 2018-10-29 20:43:22 +00:00
Ramesh Katuri
8e1635aaea Fix for OOB in parse drc config extension 
Bug:117100617
Test: vendor
Change-Id: I0e6bcbdfb21f40b9687b2d36366112bc67cee88a
 2018-10-27 13:32:43 -07:00
Ramesh Katuri
7e8303bbaa Fix for OOB in parsing loud equalizer instruction in drc 
Bug:116117112
Test: vendor
Change-Id: I9d69d07dc36e8874d1784b4cf1f1a0a4fc99cee7
 2018-10-27 13:23:13 -07:00
Ramesh Katuri
06296604c8 Fix for OOB write in loudness info set ext 
Bug:117099943
Bug: 117100484
Test: Vendor
Change-Id: Id657372bde3b0218108c3d8aa7f9f898cde5b583
 2018-10-27 10:38:12 -07:00
Ramesh Katuri
c14b25793c Fix for stack overflow in impd parse equalizer coefficients 
Bug:115907334
Test: vendor
Change-Id: I031ba8064d24bec2db3ea68beea713387ea19762
 2018-10-27 10:01:23 -07:00
Ramesh Katuri
0c81453dd3 Fix for stack over flow write in drc set pre selection 
Bug:114745929
Test: vendor
Change-Id: I3bbb434d61ce1784db60c47fe7154a9931f97820
 2018-10-27 09:51:20 -07:00
Ramesh Katuri
c26e43d759 Fix for stack overflow in eq selection in drc module 
Bug:114735603
Test: vendor
Change-Id: I83be3dfe1111caa1acd244b0a9ba2a8944c92981
 2018-10-27 09:31:58 -07:00
Ramesh Katuri
6952af9a09 Fix for heap buffer overflow in tns block 
In tns, filtering is applied on spectral data.Based on
filter direction filtering is applied either from start of
spectral data or from end of spectral data. In this error
case filter order is coming more than spectral length,because
of which filter input(spectrum) is accessed more than
what is allocated.

Bug:112609715
Bug:112610994
Bug:113108416
Bug:113164693
Bug:113261927
Bug:113262855
Test: vendor
Change-Id: I8b5faf53bdf3e145f442fe2a029b0fffc5189a94
 2018-10-11 16:51:32 -07:00
TreeHugger Robot
3eaf99dd1d Merge "Fix for OOB write in parsing drc ext" into pi-dev 2018-10-08 19:59:34 +00:00
Ramesh Katuri
988f5bd17c Fix for crash due to un-initailized variables in drc module 
Nested loop used wrong subscript in inner loop, leading to bad
iteration count and haphazard clearing of data structure.

Bug: 113885537
Test: vendor
Change-Id: Ia9cb53205f4e91ee99268202114fc2001eae2de3
 2018-10-04 10:59:52 -07:00
TreeHugger Robot
8630b598a9 Merge "Fix for heap buffer over flow in drc bit stream parsing" into pi-dev 2018-10-03 00:47:21 +00:00
TreeHugger Robot
c7c160e98c Merge "Fix for OOB loudness eq instruction parsing" into pi-dev 2018-10-03 00:38:36 +00:00
TreeHugger Robot
84b3433dbd Merge "Fix for OOB write in filter block parsing in drc" into pi-dev 2018-10-03 00:31:00 +00:00
Ramesh Katuri
17825d4a75 Fix for OOB write in parsing drc ext 
Validate drc coefficient counts as we parse them from the stream.

Bug: 116224432
Test: vendor
Change-Id: I5a78521b8acfcdc7af96b91e5687d4f02ce49e54
 2018-10-02 17:00:13 -07:00
TreeHugger Robot
a97968adcd Merge "Fix for OOB write in parametric drc instruction parsing" into pi-dev 2018-10-02 23:17:33 +00:00
TreeHugger Robot
cbc35bf28a Merge "Fix of OOB write in drc downmix instruction count parsing" into pi-dev 2018-10-02 23:16:51 +00:00
Ramesh Katuri
c90eeb6e61 Fix for heap buffer over flow in drc bit stream parsing 
Bound values that we parse from the input stream.

Bug: 115375616
Test: vendor
Change-Id: I357d8e19e377fbe5156e5a639ed9ab99cbfeed52
 2018-10-02 15:56:02 -07:00
Ramesh Katuri
69a69acbc9 Fix for OOB write in filter block parsing in drc 
Bug: 116467350
Bug: 116469592
Test: vendor
Change-Id: I2f7bff1cec3d0d60e9d43217290392bf4e23d207
 2018-10-02 15:51:13 -07:00
Ramesh Katuri
cd74db5553 Fix for OOB loudness eq instruction parsing 
Bounds checking on value parsed from input stream.

Bug: 116020594
Test: vendor
Change-Id: I915f36ca27b982c8f1b11a533969e40fbff3b765
 2018-10-02 15:29:07 -07:00
Ramesh Katuri
599ca4428a Fix for OOB write in split drc characteristic parsing 
added bounds check on values parsed from input stream.

Bug: 116619337
Test: vendor
Change-Id: Ia938ce45cb0503c1ddcbeaa5d036c0f57521a38f
 2018-10-02 13:18:16 -07:00
Ramesh Katuri
df1030d8b9 Fix of OOB write in drc downmix instruction count parsing 
Check bounds of parsed value.

Bug: 116619387
Test: vendor
Change-Id: Iada4937f7d99744594a1d457ae1bddefe961ba4f
 2018-10-02 11:21:44 -07:00
Ramesh Katuri
d735e2e329 Fix for OOB write in parametric drc instruction parsing 
Bug: 116715245
Test: vendor
Change-Id: I24c7ce7cd8c928d53a9914d116de4c6b408cfb09
 2018-10-02 10:08:37 -07:00