Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a6f610f4 authored by Manisha Jajoo's avatar Manisha Jajoo
Browse files

C2SoftMp3Dec: fix floating point exception 

outTimeStamp and mProcessedSamples are calculated from
samplingRate and numChannels respectively. If either
of them is 0, it will lead to divide by zero error.
This patch adds a check on both these parameters.

Test: clusterfuzz generated poc in bug
Test: atest android.mediav2.cts.CodecDecoderTest
Test: atest VtsHalMediaC2V1_0TargetAudioDecTest
Bug: 193363472

Change-Id: Ib268d63fa28b2b4d83165c2e3deccbb2bac2d92b
parent 0cbbad64

media/codec2/components/mp3/C2SoftMp3Dec.cpp

+18 −11
Original line number Diff line number Diff line
@@ -321,6 +321,13 @@ c2_status_t C2SoftMP3::drain( 
    return C2_OK;

}



static void fillEmptyWork(const std::unique_ptr<C2Work> &work) {

    work->worklets.front()->output.flags = work->input.flags;

    work->worklets.front()->output.buffers.clear();

    work->worklets.front()->output.ordinal = work->input.ordinal;

    work->workletsProcessed = 1u;

}



// TODO: Can overall error checking be improved? As in the check for validity of

//       work, pool ptr, work->input.buffers.size() == 1, ...

// TODO: Blind removal of 529 samples from the output may not work. Because
@@ -486,17 +493,17 @@ void C2SoftMP3::process( 
        }

    }



    fillEmptyWork(work);

    if (samplingRate && numChannels) {

        int64_t outTimeStamp = mProcessedSamples * 1000000ll / samplingRate;

        mProcessedSamples += ((outSize - outOffset) / (numChannels * sizeof(int16_t)));

        ALOGV("out buffer attr. offset %d size %d timestamp %" PRId64 " ", outOffset,

               outSize - outOffset, mAnchorTimeStamp + outTimeStamp);

        decodedSizes.clear();

    work->worklets.front()->output.flags = work->input.flags;

    work->worklets.front()->output.buffers.clear();

        work->worklets.front()->output.buffers.push_back(

                createLinearBuffer(block, outOffset, outSize - outOffset));

    work->worklets.front()->output.ordinal = work->input.ordinal;

        work->worklets.front()->output.ordinal.timestamp = mAnchorTimeStamp + outTimeStamp;

    }

    if (eos) {

        mSignalledOutputEos = true;

        ALOGV("signalled EOS");