Modified version of libxaac based on https://github.com/ittiam-systems/libxaac, starting from commit 1f798f1cc5b784fcc5af8777e0c7c2e7da5620db
Sushanth Patil ed03681d52 Fix for heap buffer overflow in read_bits_buf
In ixheaacd_arith_decode(), ixheaacd_read_bidirection()
was being called even when bitbuffer was exhausted which
in turn made cnt_bits and bit_pos more and more negative
which overflowed eventually and resulted in heap buffer
overflow. We also observed the variable "cumulative"
value to be zero even after reaching the end of bitbuffer
and this in turn led to an infinite for loop
"for (lev = esc_nb = 0;;)" in ixheaacd_arth_decoding_level2()
as "cumulative" value would not be updated after reaching
end of bitbuffer.
As a fix, we return whenever "cumulative" value remains
zero even after bitbuffer is exhausted.

And this patch adds a check for (cnt_bits < 0) in
ixheaacd_bitbuffer.c and removes bitbuffer wrap around
in ixheaacd_read_bidirection().

Added cnt_bits > 25 check in ixheaacd_read_bits_buf() &
ixheaacd_show_bits_buf() as these functions cannot handle
read of more than 25 bits at a time.

Bug:123976878
Test: poc
Change-Id: I4ec729fddb859ddd0add0045532e20fbfffd2e5c
2019-05-02 12:02:08 -07:00
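
The two guards named in the commit message above (stop when the remaining-bit count would go negative, and cap a single read at 25 bits), sketched as an added example that is not libxaac's code. `bitreader_t`, `br_init`, `br_read` and `br_count_reads` are hypothetical names, and the reason given for the 25-bit cap (a 32-bit window minus a worst-case 7-bit offset) is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bit reader for illustration; not libxaac's types or functions. */
typedef struct {
    const uint8_t *buf; /* input buffer */
    size_t size;        /* buffer size in bytes */
    size_t bit_off;     /* bits consumed so far */
    int32_t cnt_bits;   /* bits still available; kept >= 0 */
} bitreader_t;

#define BR_MAX_READ 25 /* assumption: 32-bit window minus worst-case 7-bit offset */

static void br_init(bitreader_t *br, const uint8_t *buf, size_t size) {
    br->buf = buf;
    br->size = size;
    br->bit_off = 0;
    /* Refuse sizes whose bit count does not fit the signed counter. */
    br->cnt_bits = size > (size_t)(INT32_MAX / 8) ? 0 : (int32_t)(size * 8);
}

/* Read n bits MSB-first into *out. Returns 0 on success, -1 when the request
 * is oversized or the buffer is exhausted; on failure no state changes, so
 * repeated calls cannot drive the counters negative. */
static int br_read(bitreader_t *br, int n, uint32_t *out) {
    if (n < 1 || n > BR_MAX_READ) return -1;
    if (br->cnt_bits < n) return -1;
    size_t byte = br->bit_off >> 3;
    unsigned shift = (unsigned)(br->bit_off & 7);
    uint32_t window = 0;
    for (size_t i = 0; i < 4; i++) { /* zero-pad past the end, never read it */
        window <<= 8;
        if (byte + i < br->size) window |= br->buf[byte + i];
    }
    *out = (window << shift) >> (32 - n);
    br->bit_off += (size_t)n;
    br->cnt_bits -= n;
    return 0;
}

/* Decode-style loop: ends on the first failed read instead of spinning once
 * input runs out. Returns the number of n-bit reads completed. */
static int br_count_reads(bitreader_t *br, int n) {
    uint32_t v;
    int k = 0;
    while (br_read(br, n, &v) == 0) k++;
    return k;
}
```
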
decoder Fix for heap buffer overflow in read_bits_buf 2019-05-02 12:02:08 -07:00
test Merge "Fix for out of bound write in xaacdec test bench" 2019-04-03 22:51:57 +00:00
Android.bp Added CFI blacklist to handle indirect calls to assembly functions 2019-01-18 16:35:54 -08:00
libxaac_blacklist.txt Update cfi blacklist to include few more assembly functions 2019-03-27 15:49:29 -07:00
LICENSE Bring xHE-AAC into pi-dev branch 2018-05-17 14:36:48 -07:00
MODULE_LICENSE_APACHE2 Bring xHE-AAC into pi-dev branch 2018-05-17 14:36:48 -07:00
NOTICE Bring xHE-AAC into pi-dev branch 2018-05-17 14:36:48 -07:00
OWNERS Bring xHE-AAC into pi-dev branch 2018-05-17 14:36:48 -07:00
README.experimental Mark xaac codec experimental 2018-10-16 19:05:33 +00:00

This xaac codec (external/xaac) is experimental; it is not yet intended
to be used on production devices.

This codec should not be configured into any production Android Pie
(Android 9) device that will be shipped.