Maximum crc registers allowed is 7. Crc registers are accessed
and updated inside the function ixheaacd_adts_crc_start_reg().
Check has been added before the function call so that if the
register value is less than 7 then only the function gets called.
Bug:112551726
Bug:112551874
Bug:112609715
Bug:112713720
Bug:112715795
Bug:113261928
Test: poc
Change-Id: I3935546b8fb3dc5c82bee16639df771349e6d2b6
(cherry picked from commit 55c1da8c37)
Number of envelopes is equal to 2^n, where n obtained by
reading 2 bits from bit stream,so maximum value for number
of envelopes is 8. Time slot array table is accessed using
number of envelopes. The Minimum and Maximum values are 0
and 6,based on these values the table is modified.
Bug:112765917
Test: re-run poc
Change-Id: I42a44fc2376536d5119a8290a14726c9c5badd19
Reason for crash:
For the below reported issues input stream has only one
coupling channel element. As per the specification coupling
channel element should be associated with at least one main
channel element.
We have different output buffers for main channel
and coupling channel. In this error case the coupling
channel output buffer is not getting updated because
there is no main channel, so main decode is called with
output buffer pointing to NULL.
This is the reason for all the issues listed below.
Bug:112551721
Bug:112704700
Bug:112706520
Bug:112710190
Bug:112712274
Bug:112717301
Test: re-run poc
Change-Id: Ife593ca4ae21f05555b6a89092ff76b974e28a67
Number of elements allowed in usac profile are 16. Erroneous input
stream in this use case has 63336 elements.We have an error
check for this max number of elements while parsing the decoder
configuration.This returned error code was not handled properly.
Maximum 16 config elements can be used while codec creation,because
of number of elements values is coming as 63336, during
creation time OOB read is happening.
Bug:112766520
Bug:112857468
Bug:112913145
Bug:112918261
Test: re-ran poc
Change-Id: If9413546371f72a6896f5c7e7d22a314e484cf76
While parsing the input stream in mps_pre_matrix function,
there was an error.This error was not handled properly,
because of which further values which are read from bit stream
are getting wrong values.
We use these value in iteration in ixheaacd_mps_getstridemap()
which is causing stack-buffer-overflow
Bug:112857941
Test: poc+ASAN
Change-Id: I9549b06e0e4e362f517869aef75d579e3e4140a6
The maximum number of channels supported for usac profile in
libxaac decoder is two only.Input streams of the below reported
issues contain multi channel,because of multi channel the write
offset is incremented by greater 2, which causes out of bound
memory access while writing.
Bug:112858010
Bug:112859113
Test: re-run POC
Change-Id: Ide57cb8ee39d77d0f386298e899683d460a3c18b
Test: CTS android.media.cts.DecoderTest{AacDrc,XheAac}
Added __ARM_NEON__ check to generic function selector
Bug: 80432407
Change-Id: I66c7879fda1369da88ccaea5f8792ea54657cdaf
Added support to build for mips
Bug: 80432286
Change-Id: I908029bbaddd3c1fbc39be1192926b56d981576e
Add optimized versions for qmf_dec for armv7 and armv8
Separating common functions and platform specific functions
in ixheaacd_qmf_dec.c. Platform specific functions are moved
to qmf_dec in armv7, armv8 and generic folder.
Bug: 80431870
Change-Id: I860cb79a1870e228d2108b7915418e1c003cefc5
Fixes for crashes reported by Fuzzer tool
Bug: 109697676
Change-Id: I862fc054b99ee9d427d20596bc8d2e85522a7188
Updates from vendor to remedy issues exposed by new CTS tests
Bug: 77287124
Test: CTS DecoderTest, DecoderTest{AacDrc,XheAac}
@ Sanitizer fixes in libxaac
Fixes few integer overflow sanitizer errors
Progagate few errors
ENABLE_DRC macro is removed
AMMENDMENT1 macro is removed
Change-Id: Ic61163dfd6318bd4a00ed45e1295c819cb0f637b
@ Add support for audio pre-roll and DRC effect type
Also includes the following
MPEG-D DRC parameters related changes
USAC config switch changes
SBR config switch changes
Bug: 80133175
Change-Id: I0ab25641768cf523b66f7b0fcb4137429c1c4a77
@ Fixed trailing spaces
Change-Id: I32de0c9d3f7237e1fbf8dfef1cac485ef8458173
@ Replaced tabs
Change-Id: Ic741ee13d7b978b37edc27d087903caaa40b8d90
