virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

avcodec/aacdec_template: Fix running cleanup in decode_ics_info()

Browse Source 
Fixes: out of array read
Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Previous version reviewed-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f03ffb47d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2017-08-21 02:15:49 +02:00
parent 4a122a0879
commit 6ce9b2c1fe
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libavcodec/aacdec_template.c
View File

@ -1281,6 +1281,8 @@ static int decode_ics_info(AACContext *ac, IndividualChannelStream *ics,
const MPEG4AudioConfig *const m4ac = &ac->oc[1].m4ac; const MPEG4AudioConfig *const m4ac = &ac->oc[1].m4ac;
const int aot = m4ac->object_type; const int aot = m4ac->object_type;
const int sampling_index = m4ac->sampling_index; const int sampling_index = m4ac->sampling_index;
int ret_fail = AVERROR_INVALIDDATA;
if (aot != AOT_ER_AAC_ELD) { if (aot != AOT_ER_AAC_ELD) {
if (get_bits1(gb)) { if (get_bits1(gb)) {
av_log(ac->avctx, AV_LOG_ERROR, "Reserved bit set.\n"); av_log(ac->avctx, AV_LOG_ERROR, "Reserved bit set.\n");
@ -1331,8 +1333,10 @@ static int decode_ics_info(AACContext *ac, IndividualChannelStream *ics,
ics->num_swb = ff_aac_num_swb_512[sampling_index]; ics->num_swb = ff_aac_num_swb_512[sampling_index];
ics->tns_max_bands = ff_tns_max_bands_512[sampling_index]; ics->tns_max_bands = ff_tns_max_bands_512[sampling_index];
} }
if (!ics->num_swb || !ics->swb_offset) if (!ics->num_swb || !ics->swb_offset) {
return AVERROR_BUG; ret_fail = AVERROR_BUG;
goto fail;
}
} else { } else {
ics->swb_offset = ff_swb_offset_1024[sampling_index]; ics->swb_offset = ff_swb_offset_1024[sampling_index];
ics->num_swb = ff_aac_num_swb_1024[sampling_index]; ics->num_swb = ff_aac_num_swb_1024[sampling_index];
@ -1356,7 +1360,8 @@ static int decode_ics_info(AACContext *ac, IndividualChannelStream *ics,
if (aot == AOT_ER_AAC_LD) { if (aot == AOT_ER_AAC_LD) {
av_log(ac->avctx, AV_LOG_ERROR, av_log(ac->avctx, AV_LOG_ERROR,
"LTP in ER AAC LD not yet implemented.\n"); "LTP in ER AAC LD not yet implemented.\n");
return AVERROR_PATCHWELCOME; ret_fail = AVERROR_PATCHWELCOME;
goto fail;
} }
if ((ics->ltp.present = get_bits(gb, 1))) if ((ics->ltp.present = get_bits(gb, 1)))
decode_ltp(&ics->ltp, gb, ics->max_sfb); decode_ltp(&ics->ltp, gb, ics->max_sfb);
@ -1375,7 +1380,7 @@ static int decode_ics_info(AACContext *ac, IndividualChannelStream *ics,
return 0; return 0;
fail: fail:
ics->max_sfb = 0; ics->max_sfb = 0;
return AVERROR_INVALIDDATA; return ret_fail;
} }
/** /**