add patch to prevent crash on SCE followed by CPE
hDecoder->element_alloced denotes whether or not we have allocated memory for
usage in terms of the specified channel element. Given that it previously only
had two states (1 meaning allocated, and 0 meaning not allocated), it would not
allocate enough memory for parsing a CPE it if is preceeded by a SCE (and
therefor crash).
These changes fixes the issue by making sure that we allocate additional memory
if so is necessary, and the set of values for hDecoder->element_alloced[n] is
now:
0 = nothing allocated
1 = allocated enough for SCE
2 = allocated enough for CPE
All branches that depend on hDecoder->element_alloced[n] prior to this patch
only checks if the value is, or is not, zero. The added state, 2, is therefor
correctly handled automatically.
https://github.com/videolan/vlc/blob/master/contrib/src/faad2/faad2-fix-cpe-reconstruction.patch
Fabian Greffrath
4 years ago
| 1108 | 1108 | #ifdef PROFILE |
| 1109 | 1109 | int64_t count = faad_get_ts(); |
| 1110 | 1110 | #endif |
| 1111 | if (hDecoder->element_alloced[hDecoder->fr_ch_ele] == 0) | |
| 1111 | if (hDecoder->element_alloced[hDecoder->fr_ch_ele] != 2) | |
| 1112 | 1112 | { |
| 1113 | 1113 | retval = allocate_channel_pair(hDecoder, cpe->channel, (uint8_t)cpe->paired_channel); |
| 1114 | 1114 | if (retval > 0) |
| 1115 | 1115 | return retval; |
| 1116 | 1116 | |
| 1117 | hDecoder->element_alloced[hDecoder->fr_ch_ele] = 1; | |
| 1117 | hDecoder->element_alloced[hDecoder->fr_ch_ele] = 2; | |
| 1118 | 1118 | } |
| 1119 | 1119 | |
| 1120 | 1120 | /* dequantisation and scaling */ |