The IPP 7.0 update 5.

File: rtp_amr_payload.cpp:


#define AMR_NB_SID_RTP_FT 8
#define AMR_WB_SID_RTP_FT 9
#define AMR_UNTR_RTP_FT 15


static Ipp32s *AMR_NB_nOrderMaps[8];
static Ipp32s *AMR_WB_nOrderMaps[9];
static Ipp32s AMR_WB_FrameLenBits[10];
static Ipp32s AMR_NB_FrameLenBits[9];



In the function "GetBitReordersTable" will cause crash:

} else if((frametype==1)||(frametype==2)){
if(m_CodecType==NB) {
ft = AMR_NB_SID_RTP_FT;
} else {
ft = AMR_WB_SID_RTP_FT;
}
} else {
ft = AMR_UNTR_RTP_FT;
}
if(m_CodecType==NB) {
*pOrderMap = AMR_NB_nOrderMaps[ft];
*FrameLenBits = AMR_NB_FrameLenBits[ft];
} else {
*pOrderMap = AMR_WB_nOrderMaps[ft];
*FrameLenBits = AMR_WB_FrameLenBits[ft];
}

if the frametype is not 1 and 2, the "ft" value is AMR_UNTR_RTP_FT(15), The AMR_NB_nOrderMaps, AMR_NB_FrameLenBits, AMR_WB_nOrderMaps, AMR_WB_FrameLenBits size all are less than AMR_UNTR_RTP_FT.


It will got crashed ?