Android Security 9.0.0 Release 68 (7249336)
Fix heap buffer overflow in sbrDecoder_AssignQmfChannels2SbrChannels().

In the bug the SBR decoder has already set up 9 channels and tries to
allocate one more channel. The assignment of the QMF channels to SBR
channels fails since the QMF domain manages only 8+1 channels instead
of 10 channels as reqeusted by SBR.
Here we have added a check in sbrDecoder_InitElement() which will
return with a parse error in case additional SBR channels would exceed
the maximum number of SBR channels. This solves the potential heap
buffer overflow.

Bug: 158762825
Test: atest DecoderTestAacDrc DecoderTestAacFormat DecoderTestXheAac
Merged-In: I0150ac6d5a47ffce883010f531928656eebc619e
Change-Id: I8569a15214707ab622e986b34b4b917251495662
(cherry picked from commit c516539a202b08cda8569a9e58c9dc6097450cbe)
1 file changed