wrapper/libxaac
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
372 commits 10 branches 13 tags 16 MiB
Commit graph

242 commits

Author SHA1 Message Date
TreeHugger Robot
4d7d9daad6 Merge "Fix for array bound overflows" 2019-01-28 19:15:34 +00:00
Ray Essick
23770a90e5 Merge "Fix for invalid read of data below stack pointer" 2019-01-23 17:18:54 +00:00
TreeHugger Robot
ae3f833889 Merge "Fix for integer overflow in ixheaacd_voronoi_search" 2019-01-18 01:44:23 +00:00
Tripti Tiwari
1908d24066 Fix for integer overflow in ixheaacd_voronoi_search 
Subtraction overflow occurs in ixheaacd_voronoi_search.
As fix, saturation check added.

Bug:120064853
Test: vendor
Change-Id: If8c6c21c4d77d2c60e34db6296e500e448c3ed8b
 2019-01-17 16:05:08 -08:00
Ramesh Katuri
7431cc93ad Fix for crash in ixheaacd_filter_and_add 
Use saturating math in many places to avoid integer overflow.

Bug: 117048334
Test: vendor
Change-Id: I6ba53797035b812002f85ef67ef0f6a73b650aca
 2019-01-17 14:36:09 -08:00
Ray Essick
ac85257e25 Merge "Fix for crash in ixheaacd_rvlc_dec" 2019-01-17 16:58:39 +00:00
TreeHugger Robot
6bf18bef96 Merge "Fix for crash in in ixheaacd_core_coder_data" 2019-01-17 02:31:21 +00:00
TreeHugger Robot
78c8e8d43d Merge "Fix for crash in ixheaacd_voronoi_idx_dec" 2019-01-16 16:10:56 +00:00
TreeHugger Robot
27c3699b3d Merge "Fix for crash in ixheaacd_ga_hdr_dec" 2019-01-15 01:41:39 +00:00
Ramesh Katuri
51a9c02020 Fix for crash in in ixheaacd_core_coder_data 
Bug:117047613
Test: vendor
Change-Id: Ia64ca8a0e65bfa41e05cd53e4ebd39c02768edef
 2019-01-14 17:24:00 -08:00
Ramesh Katuri
43b2e7c94c Fix for crash in ixheaacd_voronoi_idx_dec 
Bug:117047616
Test: vendor + poc
Change-Id: I01fedfe098a3128b4ee965566054e889003e6667
 2019-01-14 17:10:34 -08:00
Rajat Kumar
eb58cff832 Fix for array bound overflows 
Added bound checks and handled the respective returned
error across source and header files.

Bug:120452956
Test: vendor, poc
Change-Id: I5a9ebf68e7a5d2f41a0112aff113f0b1b8eeba7c
 2019-01-11 14:16:39 -08:00
Rajat Kumar
de3801a089 Fix for invalid read of data below stack pointer 
eliminate [sp, <negativeconstant> ] references by growing stack appropriately
larger and adjusting all sp-based offsets.

Bug:117660045
Test: vendor
Change-Id: I927a98c3da2dd331bd9205712404941fae5c3f81
 2019-01-11 12:31:08 -08:00
Ramesh Katuri
acae580792 Fix for crash in ixheaacd_rvlc_dec 
Instead of saving the cnt_bits and later doing the math
(which was causing integer overflow) to restore bit-buffer
values, we are saving the bit-buffer structure at the start
and then restoring it at the end of the function.

Bug:116843194
Test: vendor
Change-Id: I956e36e1b5d7823171d5d04a9058205b69c65be7
 2019-01-11 10:40:28 -08:00
Ramesh Katuri
5017b03aeb Fix for crash in ixheaacd_ga_hdr_dec 
Bug:117049088
Test: vendor
Change-Id: I2b64b5c60eaf037ab2ff23c9edef2ddd7064fb8e
 2019-01-11 10:26:12 -08:00
Rajat Kumar
c300f50cf1 Fix OOB read in impd_drc_uni_sel_proc_process 
pstr_drc_uni_sel_proc->drc_config.str_drc_instruction_str
and pstr_drc_uni_sel_proc->drc_config.str_drc_config_ext
.str_eq_instructions  arrays were accessed with -1
indexes, which is implemented as default configuration for no
updation.

Since we have already initialized all the structures to zero
before itself, this assignment is not needed when the indexes
are -1, so the check has been added.

Bug: 122330975
Test: atest android.media.cts.DecoderTestAacDrc
Change-Id: I841c748c53c057db38379c97def6b28fb6421482
 2019-01-10 10:50:22 -08:00
Rajat Kumar
cdce0be099 Fix for integer overflow in ixheaacd_nearest_neighbor_2d 
Saturation checks has been added after negation
and subtraction operations to avoid integer
overflows in this CL.

Bug:120252334
Test: poc + vendor
Change-Id: Ief97ec7b4715bc76b7accc78ece535c7a561447e
 2019-01-08 10:36:28 -08:00
TreeHugger Robot
a2796e6022 Merge "Fix for segmentation fault in latmGetValue" 2019-01-07 19:36:33 +00:00
TreeHugger Robot
2f4e7d8d97 Merge "Fix for integer overflow in xaacdec test bench" 2019-01-07 19:36:31 +00:00
TreeHugger Robot
a0e487a8bd Merge "Fix for few uninitialized accesses" 2019-01-07 19:32:27 +00:00
TreeHugger Robot
b58b82de38 Merge "Fix for oobw in ixheaacd_decode_init()" 2019-01-07 19:30:14 +00:00
TreeHugger Robot
9b6182fe2e Merge "Fix for oobw in impd_manage_drc_complexity() due to drc_set_id" 2019-01-07 19:28:00 +00:00
TreeHugger Robot
322278fed9 Merge "Fix for oobw in impd_manage_eq_complexity() due to eq_set_id" 2019-01-07 19:26:30 +00:00
TreeHugger Robot
92663c01c7 Merge "Fix for stack buffer underflow in sbr dec" 2019-01-07 19:24:23 +00:00
TreeHugger Robot
4cbdac93d2 Merge "Fix for segmentation fault in read spectral data" 2019-01-07 18:34:14 +00:00
TreeHugger Robot
f6bf43db8f Merge "Fix for crash in ixheaacd_decode_init" 2019-01-07 18:22:03 +00:00
TreeHugger Robot
7ec9d127e7 Merge "Fix for global buffer overflow in impd_init_loudness_control function" 2019-01-07 17:55:21 +00:00
TreeHugger Robot
cea2548155 Merge "Fix for global buffer over flow in error handler." 2019-01-07 17:49:47 +00:00
TreeHugger Robot
c1c9021f5c Merge "Fix for heap buffer overflow in ixheaacd_aac_read_2bytes" 2019-01-07 17:49:02 +00:00
TreeHugger Robot
4a6e2011a8 Merge "Fix for addition overflow in ixheaacd_shr32_drc" 2019-01-07 03:00:43 +00:00
TreeHugger Robot
c7e444dad2 Merge "Fix for parsing erroneous Program Config Element" 2019-01-05 01:13:39 +00:00
Ray Essick
7ead99042a Merge "Bit buffer error handling using setjmp and longjmp" 2019-01-04 23:12:23 +00:00
Ramesh Katuri
7639b651b2 Fix for addition overflow in ixheaacd_shr32_drc 
Addition overflow was observed in function ixheaacd_shr32_drc.
After fixing this issue we observed an infinite loop in
ixheaacd_reset_hf_generator(), which is fixed in the current CL

Bug:118388357
Test: vendor + poc
Change-Id: I95ebac387057e170763e230fc081a2bb57312ebd
 2019-01-04 10:13:49 -08:00
TreeHugger Robot
8b11755f03 Merge "Fix for stack buffer over flow in ixheaacd_lpd_bpf_fix function" 2019-01-04 03:54:02 +00:00
TreeHugger Robot
98b3146396 Merge "Fix for uninitialized bit buffer variables" 2019-01-04 02:00:36 +00:00
Ramesh Katuri
e862c5ddc5 Fix for uninitialized bit buffer variables 
Bug:118355146
Test: vendor
Change-Id: I22c5019989036354360687265c758fd86fa26ddc
 2019-01-03 15:46:18 -08:00
Ramesh Katuri
105f9b7fa4 Fix for stack buffer over flow in ixheaacd_lpd_bpf_fix function 
Bug:118138797
Test: vendor + poc
Change-Id: I2822d3a74a9b21817dc37b8f54ccba8c09d7e0dc
 2019-01-03 15:35:55 -08:00
Ray Essick
69b0c9364d Merge "Fix for crash in ixheaacd_esbr_synthesis_regrp" into pi-dev am: c9062c1c4d 
am: e31d1f37c9

Change-Id: Ia51c53bedb43fdf247173545fdb56b1b453786d6
 2019-01-02 19:42:38 -08:00
Ray Essick
174165dd89 Merge "Fix for oobw in impd_parse_drc_instructions_uni_drc()" into pi-dev am: e0c41aae88 
am: f462745e36

Change-Id: I48e9385dcb919b7777545aee8a04960d2461f6e9
 2019-01-02 19:42:25 -08:00
Ray Essick
c9062c1c4d Merge "Fix for crash in ixheaacd_esbr_synthesis_regrp" into pi-dev 2019-01-03 03:26:10 +00:00
Ray Essick
e0c41aae88 Merge "Fix for oobw in impd_parse_drc_instructions_uni_drc()" into pi-dev 2019-01-03 03:23:27 +00:00
TreeHugger Robot
ff5e428265 Merge "Use saturating arithmetic in rotated_gosset_mtx_dec" 2019-01-03 02:19:20 +00:00
Ramesh Katuri
eb95e08c41 Merge "Fix for crash due to negative size passed to memcpy" into pi-dev am: a9f6ff8ccc 
am: 1e5a543f1f

Change-Id: I0c6f6cbeeeb8877b61d57526c8c08dc67c6c03cd
 2019-01-02 14:31:01 -08:00
TreeHugger Robot
a9f6ff8ccc Merge "Fix for crash due to negative size passed to memcpy" into pi-dev 2019-01-02 22:10:34 +00:00
Ramesh Katuri
e988b01822 Bit buffer error handling using setjmp and longjmp 
Bug: 112552816
Bug: 116774502
Bug: 117531281
Bug: 118145923
Bug: 120124041
Test: vendor
Change-Id: Ib11c82a8cf728c8a0a841b5fc0452daa1a5b37be
 2019-01-02 14:08:58 -08:00
Ray Essick
ff358cfa4e Merge "Fix for oobw in impd_dec_slopes in DRC dynamic payload" into pi-dev am: 622f724911 
am: 6c7bac4af8

Change-Id: Ieea4955c915f84e7c150e6427d785bf78f287741
 2019-01-02 12:16:53 -08:00
Ramesh Katuri
015d135f65 Fix for stack buffer overflow in ixheaacd_latm_stream_mux_config am: 2e513342a1 
am: f4b31cc0cf

Change-Id: I625b419eeca9a88d0e9d7eff4d03450fa6bb8cea
 2019-01-02 12:08:35 -08:00
Ray Essick
622f724911 Merge "Fix for oobw in impd_dec_slopes in DRC dynamic payload" into pi-dev 2019-01-02 19:38:40 +00:00
Ramesh Katuri
541335d37c Fix for segmentation fault in latmGetValue 
Bug:117610049
Test: poc
Change-Id: I1361f7e8228561d135a26e9867221f8a8333e6b3
 2019-01-02 11:02:51 -08:00
Rajat Kumar
1453c9d50a Fix for integer overflow in xaacdec test bench 
p_obj_exhaacplus_dec->aac_config.ui_n_channels and
p_obj_exhaacplus_dec->aac_config.i_channel_mask initialized
to default values in pre config to avoid propagation of
uninitialized values in erroneous cases.

Bug:119798143
Test: poc
Change-Id: I757359818b0dbbf98c94551e4e54ed7e4d7c206a
 2019-01-02 11:02:39 -08:00