diff options
| author | Akshay Ragir <akshay.ragir@ittiam.com> | 2023-09-08 15:47:24 +0530 |
|---|---|---|
| committer | Divya B M <89966460+divya-bm@users.noreply.github.com> | 2023-09-09 20:32:12 +0530 |
| commit | 3428869827e205c9e46cb1d51459589add895ce6 (patch) | |
| tree | 11090c32cf17d34e635181e0a71b3f0c46b25fda /encoder/ixheaace_sbr_env_est.c | |
| parent | 5ee1f8c8485f99c24968466a1ec15b081c86fa23 (diff) | |
| download | libxaac-3428869827e205c9e46cb1d51459589add895ce6.tar.gz | |
Fix for the Null-dereference in ixheaace_extract_sbr_envelope
These changes handle the Null-dereference runtime error
reported for mono streams because of the inappropriate
access of uninitialized members from a structure.
Bug: ossFuzz: 61967
Test: poc in bug
Diffstat (limited to 'encoder/ixheaace_sbr_env_est.c')
| -rw-r--r-- | encoder/ixheaace_sbr_env_est.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/encoder/ixheaace_sbr_env_est.c b/encoder/ixheaace_sbr_env_est.c index 995c387..7f3cc83 100644 --- a/encoder/ixheaace_sbr_env_est.c +++ b/encoder/ixheaace_sbr_env_est.c @@ -719,10 +719,12 @@ static IA_ERRORCODE ixheaace_update_esbr_ext_data( static VOID ixheaace_update_harmonic_sbr_data( WORD32 transient_info[][3], WORD32 coupling, - struct ixheaace_str_sbr_env_data *pstr_sbr_env_left, - struct ixheaace_str_sbr_env_data *pstr_sbr_env_right, WORD32 num_channels) { + ixheaace_pstr_enc_channel *pstr_enc_ch, WORD32 num_channels) { WORD32 bin, bin1; + struct ixheaace_str_sbr_env_data *pstr_sbr_env_left = NULL; + struct ixheaace_str_sbr_env_data *pstr_sbr_env_right = NULL; if (1 == num_channels) { + pstr_sbr_env_left = &pstr_enc_ch[0]->enc_env_data; bin = pstr_sbr_env_left->sbr_pitchin_bins; if (transient_info[0][1] != 0) { pstr_sbr_env_left->sbr_preprocessing = 1; @@ -748,6 +750,8 @@ static VOID ixheaace_update_harmonic_sbr_data( pstr_sbr_env_left->sbr_patching_mode = 1; } } else { + pstr_sbr_env_left = &pstr_enc_ch[0]->enc_env_data; + pstr_sbr_env_right = &pstr_enc_ch[1]->enc_env_data; pstr_sbr_env_left->sbr_coupling = coupling; pstr_sbr_env_right->sbr_coupling = coupling; bin = pstr_sbr_env_left->sbr_pitchin_bins; @@ -2882,8 +2886,7 @@ IA_ERRORCODE ixheaace_extract_sbr_envelope(FLOAT32 *ptr_in_time, FLOAT32 *ptr_co if ((pstr_sbr_cfg->sbr_codec == USAC_SBR) && (pstr_sbr_hdr->sbr_harmonic)) { ixheaace_update_harmonic_sbr_data(transient_info, pstr_sbr_hdr->coupling, - &pstr_env_ch[0]->enc_env_data, - &pstr_env_ch[1]->enc_env_data, num_channels); + &pstr_env_ch[0], num_channels); } if (num_channels == 2) { WORD32 num_bits; |