-
Jean-Michel Trivi authored
In the aacDecoder_drcExtractAndMap() function, self->numThreads can be used after having exceeded its intended max value, MAX_DRC_THREADS, causing memory to be cleared after the threadBs[MAX_DRC_THREADS] array. The crash is prevented by never using self->numThreads with a value equal to or greater than MAX_DRC_THREADS. A proper fix will be required as there seems to be an issue as to which entry in the threadBs array is meant to be initialized and used. Bug 26751339 Change-Id: I655cc40c35d4206ab72e83b2bdb751be2fe52b5a
e46ff0f7
