bs_gain_set_idx is a 6 bit field read from bitstream, which is used
to access gain_set_index_for_channel_group[] whose size is GAIN_SET_COUNT_MAX
which is 24.bs_gain_set_idx value greater than 23 is causing oob access.
As fix for this issue bound check is added for bs_gain_set_idx
Bug:119263784
Test: vendor
Change-Id: I26d3668c54a739016c1102158c73db49cb35f1c4
valgrind has reported usage of un-initialized variable for elements
of structure pstr_core_coder.
As a fix initialized the structure with memset.
Bug:118492594
Test: vendor
Change-Id: If1ce7f04ae03b58f44b9b551cab2461349e48394
valgrind has reported usage of un-initialized variable,interpolate_local
in,ixheaacd_mps_mapindexdata().
As a fix interpolate_local variable is initialized to zero
Bug:118492282
Test: vendor
Change-Id: I741fa634a4f0481b59acbbb88b4cd7a44200bed6
Initialized num_ch to zero and moved num_ch update outside
if (skip_full_decode == 0) condition to avoid propagation
of uninitialized or wrong num_ch for all cases.
Bug:120590841
Test: vendor, poc
Change-Id: I8aca82be8a20689547a2b85f8f3a06700b9927d2
ixheaacd_aac_decoder_init() is called inside ixheaacd_dec_execute().
ixheaacd_aac_decoder_init() will return NULL pointer in failure case and
pointer to aac decoder structure in successful case.
After this function NULL pointer check before de-referencing is missing
which is causing segmentation fault.
As a fix NULL pointer check is added
Bug:118615735
Test: vendor
Change-Id: I0e9a22e0f97dc99c238a026bf0fd693c3e93e4e7
The numbers stored in the table
common_tables_ptr->cc_gain_scale are multiplied with itself,
((-norm_value) - 1) times and stored in ind_channel_info->cc_gain.
Since the number stored in common_tables_ptr->cc_gain_scale
has a q factor of 29, the result is right shifted by 29 to maintain
the same q factor.
Bug:112705155
Test: vendor
Change-Id: I94199d172e4d3ad511dbae3a49d76f8e440fe724
Valgrind has reported use of uninitialized variable in
ixheaacd_read_block_data, which is caused due to uninitialized
api object.
As fix, initialized the api object.
Bug:118615735.
Test: vendor
Change-Id: Ib2702eac2c2f659589ce7616a9818913879ff3de
gain_seq_idx is a 6 bit value read from the bit stream.
it can get any value between 0 to 63. gain_seq_idx is used
to access gain_set_params_index_for_gain_sequence[] array
whose size is SEQUENCE_COUNT_MAX which is 24. if gain_seq_idx
value is greater than or equal to SEQUENCE_COUNT_MAX cause
oob write.
Bound check on gain_seq_idx is added to prevent oob access.
Bug:119117381
Test: vendor
Change-Id: I571e6e705489ae1c46c651f87491f15428719b30
In xaacdec even though lpd decoder handle is defined to support 6
channels, only 2 channels are initialized with data (because we
support only stereo in USAC profile). The input stream used for
this issue has 3 channels. When third channel is getting processed
valgrind is reporting un-initialized data usage.
To solve the issue, a conditional check is added based on number
of channels in the bit stream
Bug:117661478
Test: vendor
Change-Id: Iafc63a022d168791f63b79b0c1965182e69cafe6
Crash was due to integer overflow. To resolve the
integer overflow issue added saturation addition
and subtraction
Bug:116969100
Change-Id: Ib0d21403c3d714b434f893d71d9a32eea9fc9219
