Google Git
Sign in
fuchsia / third_party / android / platform / external / aac / 652432830ad1da5ccc395bff21df5dc07c1a68e4^2..652432830ad1da5ccc395bff21df5dc07c1a68e4 / .
commit652432830ad1da5ccc395bff21df5dc07c1a68e4[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Tue Nov 27 17:55:22 2018 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Nov 27 17:55:22 2018 +0000
tree6ae9b5ea734872f3675ec7eeeffc9241b1671b24
parenta4d6ca7b07569aac07d50f894f3757b58dd2d6eb [diff]
parent1ac4293f0bc26acbf7d8d73a097db9cc992e435c [diff]
Merge "Prevent overflow in MPEG-D DRC _setSelectionDataInfo()."
diff --git a/libAACdec/src/aacdecoder_lib.cpp b/libAACdec/src/aacdecoder_lib.cpp
index d98cf5a..ea52bb5 100644
--- a/libAACdec/src/aacdecoder_lib.cpp
+++ b/libAACdec/src/aacdecoder_lib.cpp

@@ -368,6 +368,23 @@
   return errTp;
 }
 
+static INT aacDecoder_SbrCallback(
+    void *handle, HANDLE_FDK_BITSTREAM hBs, const INT sampleRateIn,
+    const INT sampleRateOut, const INT samplesPerFrame,
+    const AUDIO_OBJECT_TYPE coreCodec, const MP4_ELEMENT_ID elementID,
+    const INT elementIndex, const UCHAR harmonicSBR,
+    const UCHAR stereoConfigIndex, const UCHAR configMode, UCHAR *configChanged,
+    const INT downscaleFactor) {
+  HANDLE_SBRDECODER self = (HANDLE_SBRDECODER)handle;
+
+  INT errTp = sbrDecoder_Header(self, hBs, sampleRateIn, sampleRateOut,
+                                samplesPerFrame, coreCodec, elementID,
+                                elementIndex, harmonicSBR, stereoConfigIndex,
+                                configMode, configChanged, downscaleFactor);
+
+  return errTp;
+}
+
 static INT aacDecoder_SscCallback(void *handle, HANDLE_FDK_BITSTREAM hBs,
                                   const AUDIO_OBJECT_TYPE coreCodec,
                                   const INT samplingRate,
@@ -959,7 +976,7 @@
     goto bail;
   }
   aacDec->qmfModeUser = NOT_DEFINED;
-  transportDec_RegisterSbrCallback(aacDec->hInput, (cbSbr_t)sbrDecoder_Header,
+  transportDec_RegisterSbrCallback(aacDec->hInput, aacDecoder_SbrCallback,
                                    (void *)aacDec->hSbrDecoder);
 
   if (mpegSurroundDecoder_Open(

diff --git a/libAACdec/src/block.cpp b/libAACdec/src/block.cpp
index 7d2a4b9..b3d09a6 100644
--- a/libAACdec/src/block.cpp
+++ b/libAACdec/src/block.cpp

@@ -127,9 +127,11 @@
   The function reads the escape sequence from the bitstream,
   if the absolute value of the quantized coefficient has the
   value 16.
-  A limitation is implemented to maximal 31 bits to prevent endless loops.
-  If it strikes, MAX_QUANTIZED_VALUE + 1 is returned, independent of the sign of
-  parameter q.
+  A limitation is implemented to maximal 21 bits according to
+  ISO/IEC 14496-3:2009(E) 4.6.3.3.
+  This limits the escape prefix to a maximum of eight 1's.
+  If more than eight 1's are read, MAX_QUANTIZED_VALUE + 1 is
+  returned, independent of the sign of parameter q.
 
   \return  quantized coefficient
 */
@@ -139,11 +141,11 @@
   if (fAbs(q) != 16) return (q);
 
   LONG i, off;
-  for (i = 4; i < 32; i++) {
+  for (i = 4; i < 13; i++) {
     if (FDKreadBit(bs) == 0) break;
   }
 
-  if (i == 32) return (MAX_QUANTIZED_VALUE + 1);
+  if (i == 13) return (MAX_QUANTIZED_VALUE + 1);
 
   off = FDKreadBits(bs, i);
   i = off + (1 << i);