Merge "Unsigned Integer Overflow in InitSegmentBitfield()"
diff --git a/libAACdec/src/aacdecoder.cpp b/libAACdec/src/aacdecoder.cpp
index 24907ee..8993927 100644
--- a/libAACdec/src/aacdecoder.cpp
+++ b/libAACdec/src/aacdecoder.cpp
@@ -775,7 +775,7 @@
/* For every AU get length and offset in the bitstream */
prerollAULength[i] = escapedValue(hBs, 16, 16, 0);
if (prerollAULength[i] > 0) {
- prerollAUOffset[i] = auStartAnchor - FDKgetValidBits(hBs);
+ prerollAUOffset[i] = auStartAnchor - (INT)FDKgetValidBits(hBs);
independencyFlag = FDKreadBit(hBs);
if (i == 0 && !independencyFlag) {
*numPrerollAU = 0;
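Review bot: The `(INT)` cast on `FDKgetValidBits(hBs)` makes this subtraction signed only if `auStartAnchor` is itself a signed type, and its declaration is outside the hunk. If it is unsigned, the usual arithmetic conversions convert the cast operand back to unsigned and the wraparound remains. Since `prerollAULength[i]` and the offset are derived from the bitstream, it is also worth confirming that a negative `prerollAUOffset[i]` is rejected before it is used.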
diff --git a/libAACdec/src/channelinfo.h b/libAACdec/src/channelinfo.h
index 45a288f..4523400 100644
--- a/libAACdec/src/channelinfo.h
+++ b/libAACdec/src/channelinfo.h
@@ -359,7 +359,7 @@
shouldBeUnion {
struct {
FIXP_DBL fac_data0[LFAC];
- UCHAR fac_data_e[4];
+ SCHAR fac_data_e[4];
FIXP_DBL
*fac_data[4]; /* Pointers to unused parts of pSpectralCoefficient */
diff --git a/libAACdec/src/usacdec_acelp.cpp b/libAACdec/src/usacdec_acelp.cpp
index af1f488..9fecebf 100644
--- a/libAACdec/src/usacdec_acelp.cpp
+++ b/libAACdec/src/usacdec_acelp.cpp
@@ -579,11 +579,11 @@
L_tmp = (FIXP_DBL)0;
for (j = 0; j < M_LP_FILTER_ORDER; j++) {
- L_tmp -= fMultDiv2(a[j], y[i - (j + 1)]);
+ L_tmp -= fMultDiv2(a[j], y[i - (j + 1)]) >> (LP_FILTER_SCALE - 1);
}
- L_tmp = scaleValue(L_tmp, a_exp + 1);
- y[i] = L_tmp + x[i];
+ L_tmp = scaleValue(L_tmp, a_exp + LP_FILTER_SCALE);
+ y[i] = fAddSaturate(L_tmp, x[i]);
}
return;
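Review bot: The scale-back in `L_tmp = scaleValue(L_tmp, a_exp + LP_FILTER_SCALE);` still looks non-saturating, assuming `scaleValue` is the plain shift that the separate `scaleValueSaturate` helper implies. The headroom gained in the accumulation loop can therefore be lost again before `fAddSaturate` sees the value. Consider `L_tmp = scaleValueSaturate(L_tmp, a_exp + LP_FILTER_SCALE);` here, and likewise for `s = scaleValue(s, a_exp + LP_FILTER_SCALE);` in the next hunk of this file and for the matching line in the usacdec_fac.cpp filter loop. The filter state is computed from decoded bitstream data, so the bound should not depend on well-formed input. The enclosing function starts above this hunk.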
@@ -631,10 +631,10 @@
s = (FIXP_DBL)0;
for (j = 0; j < M_LP_FILTER_ORDER; j++) {
- s += fMultDiv2(a[j], x[i - j - 1]);
+ s += fMultDiv2(a[j], x[i - j - 1]) >> (LP_FILTER_SCALE - 1);
}
- s = scaleValue(s, a_exp + 1);
+ s = scaleValue(s, a_exp + LP_FILTER_SCALE);
y[i] = fAddSaturate(s, x[i]);
}
diff --git a/libAACdec/src/usacdec_const.h b/libAACdec/src/usacdec_const.h
index c7dbae7..f68e808 100644
--- a/libAACdec/src/usacdec_const.h
+++ b/libAACdec/src/usacdec_const.h
@@ -115,6 +115,7 @@
/* definitions which are independent of coreCoderFrameLength */
#define M_LP_FILTER_ORDER 16 /* LP filter order */
+#define LP_FILTER_SCALE 4 /* LP filter scale */
#define PIT_MIN_12k8 34 /* Minimum pitch lag with resolution 1/4 */
#define PIT_MAX_12k8 231 /* Maximum pitch lag for fs=12.8kHz */
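Review bot: `LP_FILTER_SCALE` is added without stating the invariant it encodes. The filter loops shift each product by `LP_FILTER_SCALE - 1`, so the value must be at least 1, and 4 appears to be log2 of `M_LP_FILTER_ORDER` (16 accumulated terms). I would replace the comment with `/* LP filter accumulator headroom in bits; must be >= 1 and >= log2(M_LP_FILTER_ORDER) */` so that a later change to the filter order does not silently remove the headroom.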
diff --git a/libAACdec/src/usacdec_fac.cpp b/libAACdec/src/usacdec_fac.cpp
index 71ce4a9..c10a3fe 100644
--- a/libAACdec/src/usacdec_fac.cpp
+++ b/libAACdec/src/usacdec_fac.cpp
@@ -142,7 +142,7 @@
return ptr;
}
-int CLpd_FAC_Read(HANDLE_FDK_BITSTREAM hBs, FIXP_DBL *pFac, UCHAR *pFacScale,
+int CLpd_FAC_Read(HANDLE_FDK_BITSTREAM hBs, FIXP_DBL *pFac, SCHAR *pFacScale,
int length, int use_gain, int frame) {
FIXP_DBL fac_gain;
int fac_gain_e = 0;
@@ -191,13 +191,11 @@
L_tmp = (FIXP_DBL)0;
for (j = 0; j < fMin(i, M_LP_FILTER_ORDER); j++) {
- L_tmp -= fMultDiv2(a[j], x[i - (j + 1)]);
+ L_tmp -= fMultDiv2(a[j], x[i - (j + 1)]) >> (LP_FILTER_SCALE - 1);
}
- L_tmp = scaleValue(L_tmp, a_exp + 1);
-
- x[i] = scaleValueSaturate((x[i] >> 1) + (L_tmp >> 1),
- 1); /* Avoid overflow issues and saturate. */
+ L_tmp = scaleValue(L_tmp, a_exp + LP_FILTER_SCALE);
+ x[i] = fAddSaturate(x[i], L_tmp);
}
}
@@ -538,7 +536,7 @@
if (total_gain != (FIXP_DBL)0) {
scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[0] + scale);
} else {
- scaleValues(pSpec, tl, spec_scale[0] + scale);
+ scaleValuesSaturate(pSpec, tl, spec_scale[0] + scale);
}
pOut1 += fl / 2 - 1;
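Review bot: Only the `else` branch gains saturation; the `total_gain != (FIXP_DBL)0` branch still calls `scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[0] + scale)` with the same exponent. If that helper shifts without saturating (its definition is not on this page), the overflow this change addresses stays reachable whenever a gain is present. The same pattern repeats in the next hunk with `spec_scale[w]`. Either check the helper or add a comment stating why the gain path cannot overflow.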
@@ -627,7 +625,7 @@
if (total_gain != (FIXP_DBL)0) {
scaleValuesWithFactor(pSpec, total_gain, tl, spec_scale[w] + scale);
} else {
- scaleValues(pSpec, tl, spec_scale[w] + scale);
+ scaleValuesSaturate(pSpec, tl, spec_scale[w] + scale);
}
if (noOutSamples <= nrSamples) {
diff --git a/libAACdec/src/usacdec_fac.h b/libAACdec/src/usacdec_fac.h
index bf13552..100a6fa 100644
--- a/libAACdec/src/usacdec_fac.h
+++ b/libAACdec/src/usacdec_fac.h
@@ -131,7 +131,7 @@
* Always 0 for FD case.
* \return 0 on success, -1 on error.
*/
-int CLpd_FAC_Read(HANDLE_FDK_BITSTREAM hBs, FIXP_DBL *pFac, UCHAR *pFacScale,
+int CLpd_FAC_Read(HANDLE_FDK_BITSTREAM hBs, FIXP_DBL *pFac, SCHAR *pFacScale,
int length, int use_gain, int frame);
/**
diff --git a/libAACdec/src/usacdec_lpd.cpp b/libAACdec/src/usacdec_lpd.cpp
index fde34ef..2110172 100644
--- a/libAACdec/src/usacdec_lpd.cpp
+++ b/libAACdec/src/usacdec_lpd.cpp
@@ -418,6 +418,7 @@
FIXP_DBL tmp_pow2[32];
s = s * 2 + ALFDPOW2_SCALE;
+ s = fMin(31, s);
k = 8;
i_max = lg / 4; /* ALFD range = 1600Hz (lg = 6400Hz) */
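Review bot: `s = fMin(31, s);` bounds `s` only from above, and the literal 31 is unexplained. If `s` is used as a shift count further down (the use is outside the hunk), a negative value from the caller would be as invalid as one above 31. Consider bounding both sides, e.g. `s = fMax(0, fMin(31, s));`, or rejecting out-of-range input. A short comment such as `/* keep the shift count below DFRACT_BITS */` would record why the bound exists.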
diff --git a/libAACenc/src/aacenc_lib.cpp b/libAACenc/src/aacenc_lib.cpp
index 11db3da..f92cff4 100644
--- a/libAACenc/src/aacenc_lib.cpp
+++ b/libAACenc/src/aacenc_lib.cpp
@@ -1733,9 +1733,10 @@
}
/* check if buffer descriptors are filled out properly. */
- if ((AACENC_OK != validateBufDesc(inBufDesc)) ||
- (AACENC_OK != validateBufDesc(outBufDesc)) || (inargs == NULL) ||
- (outargs == NULL)) {
+ if ((inargs == NULL) || (outargs == NULL) ||
+ ((AACENC_OK != validateBufDesc(inBufDesc)) &&
+ (inargs->numInSamples > 0)) ||
+ (AACENC_OK != validateBufDesc(outBufDesc))) {
err = AACENC_UNSUPPORTED_PARAMETER;
goto bail;
}
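Review bot: An invalid or missing input descriptor is now accepted whenever `inargs->numInSamples` is zero or negative. Every later use of `inBufDesc` in this function (outside the hunk) therefore has to be guarded by the same `numInSamples > 0` condition, or an unvalidated descriptor is dereferenced. The reason for the relaxation is not stated; I would add `/* inBufDesc is only required when input samples are supplied */` above the condition. Moving the NULL checks on `inargs` and `outargs` first is correct, because the new expression dereferences `inargs`.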
diff --git a/libArithCoding/src/ac_arith_coder.cpp b/libArithCoding/src/ac_arith_coder.cpp
index b791f39..a433b08 100644
--- a/libArithCoding/src/ac_arith_coder.cpp
+++ b/libArithCoding/src/ac_arith_coder.cpp
@@ -609,13 +609,16 @@
return (j & 0x3F);
}
-static void decode2(HANDLE_FDK_BITSTREAM bbuf, UCHAR *RESTRICT c_prev,
- FIXP_DBL *RESTRICT pSpectralCoefficient, INT n, INT nt) {
+static ARITH_CODING_ERROR decode2(HANDLE_FDK_BITSTREAM bbuf,
+ UCHAR *RESTRICT c_prev,
+ FIXP_DBL *RESTRICT pSpectralCoefficient,
+ INT n, INT nt) {
Tastat as;
int i, l, r;
INT lev, esc_nb, pki;
USHORT state_inc;
UINT s;
+ ARITH_CODING_ERROR ErrorStatus = ARITH_CODER_OK;
int c_3 = 0; /* context of current frame 3 time steps ago */
int c_2 = 0; /* context of current frame 2 time steps ago */
@@ -655,6 +658,8 @@
lev++;
+ if (lev > 23) return ARITH_CODER_ERROR;
+
if (esc_nb < 7) {
esc_nb++;
}
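Review bot: The early `return ARITH_CODER_ERROR;` leaves decode2 without running the trailing `FDKmemset(&c_prev[i], 1, ...)` that the normal exit performs (visible in the following hunk). On error, `c_prev` and `pSpectralCoefficient` are therefore left partially written. Whether the caller resets or discards that state after `ErrorStatus = decode2(...)` is outside the visible hunks; either route the error through the common exit by setting `ErrorStatus`, or document that the context is invalid after a failure. As written `ErrorStatus` can only hold `ARITH_CODER_OK`. The bound 23 is a bare literal, and a named constant with a comment on what it protects would make the check reviewable.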
@@ -721,6 +726,8 @@
}
FDKmemset(&c_prev[i], 1, sizeof(c_prev[0]) * (nt - i));
+
+ return ErrorStatus;
}
CArcoData *CArco_Create(void) { return GetArcoData(); }
@@ -763,7 +770,8 @@
pArcoData->m_numberLinesPrev = lg_max;
if (lg > 0) {
- decode2(hBs, pArcoData->c_prev + 2, mdctSpectrum, lg >> 1, lg_max >> 1);
+ ErrorStatus =
+ decode2(hBs, pArcoData->c_prev + 2, mdctSpectrum, lg >> 1, lg_max >> 1);
} else {
FDKmemset(&pArcoData->c_prev[2], 1,
sizeof(pArcoData->c_prev[2]) * (lg_max >> 1));
diff --git a/libFDK/include/scale.h b/libFDK/include/scale.h
index 07bd3af..30fa089 100644
--- a/libFDK/include/scale.h
+++ b/libFDK/include/scale.h
@@ -268,11 +268,11 @@
* to avoid problems when inverting the sign of the result.
*/
#ifndef SATURATE_LEFT_SHIFT_ALT
-#define SATURATE_LEFT_SHIFT_ALT(src, scale, dBits) \
- (((LONG)(src) > ((LONG)(((1U) << ((dBits)-1)) - 1) >> (scale))) \
- ? (LONG)(((1U) << ((dBits)-1)) - 1) \
- : ((LONG)(src) < ~((LONG)(((1U) << ((dBits)-1)) - 2) >> (scale))) \
- ? ~((LONG)(((1U) << ((dBits)-1)) - 2)) \
+#define SATURATE_LEFT_SHIFT_ALT(src, scale, dBits) \
+ (((LONG)(src) > ((LONG)(((1U) << ((dBits)-1)) - 1) >> (scale))) \
+ ? (LONG)(((1U) << ((dBits)-1)) - 1) \
+ : ((LONG)(src) <= ~((LONG)(((1U) << ((dBits)-1)) - 1) >> (scale))) \
+ ? ~((LONG)(((1U) << ((dBits)-1)) - 2)) \
: ((LONG)(src) << (scale)))
#endif
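Review bot: The boundary change in the negative branch (`<=` against `~(max >> scale)`) has no comment explaining which input it fixes. It appears to cover `src == -2^(dBits-1-scale)`, which previously fell through to the shift and produced the most negative value that this ALT variant is meant to avoid. I would add that to the comment above the macro, e.g. `/* src == -2^(dBits-1-scale) must saturate too, otherwise the shift yields the minimum value */`. Note also that the macro evaluates `src` and `scale` several times and does not bound `scale` itself, so callers must pass side-effect-free arguments and a shift count below `dBits`.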