virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-03 14:32:16 +02:00
Code Issues Releases Activity

avcodec/atrac9dec: Check that the reused block has succeeded initilization

Browse Source 
Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-06-16 20:56:20 +02:00
parent a30e44098a
commit ac9af7e9a5
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/atrac9dec.c
View File

@ -71,6 +71,8 @@ typedef struct ATRAC9BlockData {
int cpe_base_channel;
int is_signs[30];
int reuseable;
} ATRAC9BlockData;
typedef struct ATRAC9Context {
@ -668,6 +670,7 @@ static int atrac9_decode_block(ATRAC9Context *s, GetBitContext *gb,
if (!reuse_params) {
int stereo_band, ext_band;
const int min_band_count = s->samplerate_idx > 7 ? 1 : 3;
b->reuseable = 0;
b->band_count = get_bits(gb, 4) + min_band_count;
b->q_unit_cnt = at9_tab_band_q_unit_map[b->band_count];
@ -699,6 +702,11 @@ static int atrac9_decode_block(ATRAC9Context *s, GetBitContext *gb,
}
b->band_ext_q_unit = at9_tab_band_q_unit_map[ext_band];
}
b->reuseable = 1;
}
if (!b->reuseable) {
av_log(s->avctx, AV_LOG_ERROR, "invalid block reused!\n");
return AVERROR_INVALIDDATA;
}
/* Calculate bit alloc gradient */