Merge cherrypicks of [5317808, 5317809, 5318498, 5317873, 5318338, 5318195, 5318499, 5317874, 5317875, 5317876, 5318243, 5318244, 5318537, 5318538, 5318539, 5318540, 5318541, 5318542, 5318543, 5318544, 5318545, 5318546, 5315210, 5317756, 5318557, 5318558, 5318559, 5318560, 5318561, 5318339, 5318547, 5318548, 5318549, 5318562, 5318563, 5318564, 5318565, 5318566, 5318172, 5318173, 5318174, 5318550, 5318401, 5318196, 5317889, 5318175, 5318176, 5318577, 5318578, 5318579, 5318580, 5318581, 5318503, 5318390, 5318505, 5318341, 5318551] into pi-qpr1-release
Change-Id: I3deb2386b1e0f0c85bd4433f6aeb14abce252536
diff --git a/README.experimental b/README.experimental
new file mode 100644
index 0000000..27fd798
--- /dev/null
+++ b/README.experimental
@@ -0,0 +1,5 @@
+This xaac codec (external/xaac) is experimental; it is not yet intended
+to be used on production devices.
+
+This codec should not be configured into any production Android Pie
+(Android 9) device that will be shipped.
diff --git a/decoder/drc_src/impd_drc_dynamic_payload.c b/decoder/drc_src/impd_drc_dynamic_payload.c
index 70fa829..68583b2 100644
--- a/decoder/drc_src/impd_drc_dynamic_payload.c
+++ b/decoder/drc_src/impd_drc_dynamic_payload.c
@@ -558,6 +558,10 @@
if (it_bit_buff->error) return it_bit_buff->error;
if (drc_coeffs_and_instructions_uni_drc_v1_flag == 1) {
drc_coefficients_uni_drc_v1_count = impd_read_bits_buf(it_bit_buff, 3);
+ if ((drc_coefficients_uni_drc_v1_count +
+ drc_config->drc_coefficients_drc_count) > DRC_COEFF_COUNT_MAX) {
+ return (UNEXPECTED_ERROR);
+ }
if (it_bit_buff->error) return it_bit_buff->error;
for (i = 0; i < drc_coefficients_uni_drc_v1_count; i++) {
err = impd_drc_parse_coeff(
@@ -587,6 +591,10 @@
if (str_drc_config_ext->loud_eq_instructions_flag == 1) {
str_drc_config_ext->loud_eq_instructions_count =
impd_read_bits_buf(it_bit_buff, 4);
+ if (str_drc_config_ext->loud_eq_instructions_count >
+ LOUD_EQ_INSTRUCTIONS_COUNT_MAX)
+ return UNEXPECTED_ERROR;
+
if (it_bit_buff->error) return it_bit_buff->error;
for (i = 0; i < str_drc_config_ext->loud_eq_instructions_count; i++) {
err = impd_parse_loud_eq_instructions(
@@ -605,6 +613,8 @@
if (err) return (err);
str_drc_config_ext->eq_instructions_count =
impd_read_bits_buf(it_bit_buff, 4);
+ if (str_drc_config_ext->eq_instructions_count > EQ_INSTRUCTIONS_COUNT_MAX)
+ return UNEXPECTED_ERROR;
if (it_bit_buff->error) return it_bit_buff->error;
for (i = 0; i < str_drc_config_ext->eq_instructions_count; i++) {
err = impd_parse_eq_instructions(
@@ -625,7 +635,8 @@
for (j = 0; j < block_count; j++) {
str_filter_block->filter_element_count = impd_read_bits_buf(it_bit_buff, 6);
if (it_bit_buff->error) return it_bit_buff->error;
-
+ if (str_filter_block->filter_element_count > FILTER_ELEMENT_COUNT_MAX)
+ return UNEXPECTED_ERROR;
str_filter_element = &str_filter_block->str_filter_element[0];
for (k = 0; k < str_filter_block->filter_element_count; k++) {
temp = impd_read_bits_buf(it_bit_buff, 7);
@@ -923,6 +934,10 @@
str_eq_coeff->unique_filter_block_count = impd_read_bits_buf(it_bit_buff, 6);
if (it_bit_buff->error) return it_bit_buff->error;
+ if (str_eq_coeff->unique_filter_block_count > FILTER_BLOCK_COUNT_MAX) {
+ return (UNEXPECTED_ERROR);
+ }
+
err = impd_parse_filt_block(it_bit_buff, &(str_eq_coeff->str_filter_block[0]),
str_eq_coeff->unique_filter_block_count);
if (err) return (err);
@@ -1276,7 +1291,8 @@
if (additional_eq_set_id_present) {
additional_eq_set_id_cnt = impd_read_bits_buf(it_bit_buff, 6);
if (it_bit_buff->error) return it_bit_buff->error;
-
+ if (additional_eq_set_id_cnt >= EQ_SET_ID_COUNT_MAX)
+ return UNEXPECTED_ERROR;
for (i = 0; i < additional_eq_set_id_cnt; i++) {
loud_eq_instructions->eq_set_id[i + 1] =
impd_read_bits_buf(it_bit_buff, 6);
diff --git a/decoder/drc_src/impd_drc_gain_decoder.c b/decoder/drc_src/impd_drc_gain_decoder.c
index 43ae7b2..4b48f54 100644
--- a/decoder/drc_src/impd_drc_gain_decoder.c
+++ b/decoder/drc_src/impd_drc_gain_decoder.c
@@ -148,25 +148,25 @@
p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation_count = drc_instruction_str->gain_element_count;
for (i = 0;
- i < p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[i]
+ i < p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation_count;
i++) {
- p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[i]
+ p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation[i]
.str_node.time = 0;
- p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[i]
+ p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation[i]
.prev_node.time = -1;
- p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[i]
+ p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation[i]
.str_node.loc_db_gain = 0.0f;
- p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[i]
+ p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation[i]
.str_node.slope = 0.0f;
for (j = 0; j < 2 * AUDIO_CODEC_FRAME_SIZE_MAX + MAX_SIGNAL_DELAY;
j++) {
- p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[i]
+ p_drc_gain_dec_structs->drc_gain_buffers.pstr_gain_buf[k]
.buf_interpolation[i]
.lpcm_gains[j] = 1.f;
}
diff --git a/decoder/drc_src/impd_drc_static_payload.c b/decoder/drc_src/impd_drc_static_payload.c
index 3f73f09..de4ceec 100644
--- a/decoder/drc_src/impd_drc_static_payload.c
+++ b/decoder/drc_src/impd_drc_static_payload.c
@@ -548,6 +548,10 @@
str_drc_coeff_param_drc->reset_parametric_drc = (temp >> 6) & 1;
str_drc_coeff_param_drc->parametric_drc_gain_set_count = temp & 0x3f;
+ if (str_drc_coeff_param_drc->parametric_drc_gain_set_count >
+ SEQUENCE_COUNT_MAX)
+ return (UNEXPECTED_ERROR);
+
for (i = 0; i < str_drc_coeff_param_drc->parametric_drc_gain_set_count; i++) {
err = impd_parametric_drc_parse_gain_set_params(
it_bit_buff, drc_config,
@@ -910,6 +914,10 @@
str_drc_config_ext->parametric_drc_instructions_count =
impd_read_bits_buf(it_bit_buff, 4);
if (it_bit_buff->error) return it_bit_buff->error;
+ if (str_drc_config_ext->parametric_drc_instructions_count >
+ PARAM_DRC_INSTRUCTIONS_COUNT_MAX)
+ return (UNEXPECTED_ERROR);
+
for (i = 0; i < str_drc_config_ext->parametric_drc_instructions_count;
i++) {
err = impd_parse_parametric_drc_instructions(
@@ -1120,6 +1128,9 @@
if (it_bit_buff->error) return it_bit_buff->error;
drc_config->dwnmix_instructions_count = (temp >> 1) & 0x7f;
+ if (drc_config->dwnmix_instructions_count > DOWNMIX_INSTRUCTION_COUNT_MAX)
+ return (UNEXPECTED_ERROR);
+
drc_config->drc_description_basic_present = temp & 1;
if (drc_config->drc_description_basic_present == 1) {
@@ -1692,6 +1703,11 @@
str_p_loc_drc_coefficients_uni_drc->characteristic_left_count =
impd_read_bits_buf(it_bit_buff, 4);
if (it_bit_buff->error) return it_bit_buff->error;
+
+ if (str_p_loc_drc_coefficients_uni_drc->characteristic_left_count >
+ SPLIT_CHARACTERISTIC_COUNT_MAX)
+ return (UNEXPECTED_ERROR);
+
for (i = 1;
i <= str_p_loc_drc_coefficients_uni_drc->characteristic_left_count;
i++) {
@@ -1709,6 +1725,10 @@
str_p_loc_drc_coefficients_uni_drc->characteristic_right_count =
impd_read_bits_buf(it_bit_buff, 4);
if (it_bit_buff->error) return it_bit_buff->error;
+
+ if (str_p_loc_drc_coefficients_uni_drc->characteristic_right_count >
+ SPLIT_CHARACTERISTIC_COUNT_MAX)
+ return (UNEXPECTED_ERROR);
for (i = 1;
i <= str_p_loc_drc_coefficients_uni_drc->characteristic_right_count;
i++) {
@@ -2376,4 +2396,4 @@
}
return (0);
-}
\ No newline at end of file
+}
