From 86eb72d8eb5c8c2cc0a667a8646068d11e0bbae3 Mon Sep 17 00:00:00 2001
From: Akshay Ragir
Date: Mon, 27 Nov 2023 14:03:47 +0530
Subject: Fix for the Global-buffer-overflow READ 4 in iaace_estimate_scfs_chan
These changes handle the 960 frame length support for SBR and PS profiles.
Bug: ossFuzz: 64532
Test: poc in bug
---
 encoder/ixheaace_sbr_qmf_enc.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'encoder/ixheaace_sbr_qmf_enc.c')
diff --git a/encoder/ixheaace_sbr_qmf_enc.c b/encoder/ixheaace_sbr_qmf_enc.c
index 281ba31..cfe485f 100644
--- a/encoder/ixheaace_sbr_qmf_enc.c
+++ b/encoder/ixheaace_sbr_qmf_enc.c
@@ -801,7 +801,8 @@ VOID ixheaace_sbr_analysis_filtering(const FLOAT32 *ptr_time_in, WORD32 time_sn_
 FLOAT32 **ptr_ana_r, FLOAT32 **ptr_ana_i, ixheaace_pstr_sbr_qmf_filter_bank pstr_qmf_bank, ixheaace_str_qmf_tabs *pstr_qmf_tab, WORD32 num_qmf_subsamp,
- WORD32 is_ld_sbr, FLOAT32 *ptr_sbr_scratch) {
+ WORD32 is_ld_sbr, FLOAT32 *ptr_sbr_scratch,
+ WORD32 is_ps_960) {
 WORD32 i, k;
 const FLOAT32 *ptr_pf_l, *ptr_pf_r;
 FLOAT32 *ptr_fp1, *ptr_fp2, *ptr_tmp;
@@ -939,6 +940,12 @@ VOID ixheaace_sbr_analysis_filtering(const FLOAT32 *ptr_time_in, WORD32 time_sn_
 pstr_qmf_bank->offset_r = pstr_qmf_bank->ptr_ref_coeff_r - ptr_start_coeff_r;
 pstr_qmf_bank->flag = flag;
 }
+ if (is_ps_960 == 1) {
+ memset(&ptr_ana_r[num_qmf_subsamp][0], 0, sizeof(ptr_ana_r[num_qmf_subsamp][0]) *
+ IXHEAACE_QMF_CHANNELS * (IXHEAACE_QMF_TIME_SLOTS - num_qmf_subsamp));
+ memset(&ptr_ana_i[num_qmf_subsamp][0], 0, sizeof(ptr_ana_i[num_qmf_subsamp][0]) *
+ IXHEAACE_QMF_CHANNELS * (IXHEAACE_QMF_TIME_SLOTS - num_qmf_subsamp));
+ }
 }
 VOID ixheaace_get_energy_from_cplx_qmf(
--
cgit v1.2.3
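Review bot: The two memset calls in the `is_ps_960` branch (second hunk) size the write as `IXHEAACE_QMF_CHANNELS * (IXHEAACE_QMF_TIME_SLOTS - num_qmf_subsamp)` without checking that `num_qmf_subsamp` is below `IXHEAACE_QMF_TIME_SLOTS`. If the two are equal, `ptr_ana_r[num_qmf_subsamp]` reads a row pointer one past the last slot (assuming the pointer array has IXHEAACE_QMF_TIME_SLOTS entries, which is not visible here). If `num_qmf_subsamp` is larger, the negative count is converted to a very large size_t and the write runs far past the buffer. A single memset spanning several rows also assumes that the rows reached through `FLOAT32 **` are contiguous with a stride of exactly IXHEAACE_QMF_CHANNELS, which nothing in the hunk establishes. Clearing row by row with a bounded loop, as below, removes both assumptions, though it still presumes each row holds at least IXHEAACE_QMF_CHANNELS floats. The function body starts outside this hunk.

```c
  /* … unchanged: offset_r / flag bookkeeping … */
  if (is_ps_960 == 1) {
    /* Zero the unused trailing time slots one row at a time; the loop is empty when
       num_qmf_subsamp >= IXHEAACE_QMF_TIME_SLOTS, so no row pointer is read out of range. */
    for (i = num_qmf_subsamp; i < IXHEAACE_QMF_TIME_SLOTS; i++) {
      memset(ptr_ana_r[i], 0, sizeof(ptr_ana_r[i][0]) * IXHEAACE_QMF_CHANNELS);
      memset(ptr_ana_i[i], 0, sizeof(ptr_ana_i[i][0]) * IXHEAACE_QMF_CHANNELS);
    }
  }
```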