[FFmpeg-devel] [PATCH 4/6] avcodec/aac/aacdec_usac: Clean ics2->max_sfb when first SCE fails
Lynne
dev at lynne.ee
Thu Aug 1 18:11:18 EEST 2024
On 31/07/2024 21:54, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 70734/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4741427068731392
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/aac/aacdec_usac.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c
> index 82db65eb0d0..2938e693874 100644
> --- a/libavcodec/aac/aacdec_usac.c
> +++ b/libavcodec/aac/aacdec_usac.c
> @@ -918,8 +918,10 @@ static int decode_usac_stereo_info(AACDecContext *ac, AACUSACConfig *usac,
> }
>
> ret = setup_sce(ac, sce1, usac);
> - if (ret < 0)
> + if (ret < 0) {
> + ics2->max_sfb = 0;
> return ret;
> + }
>
> ret = setup_sce(ac, sce2, usac);
> if (ret < 0)
Err, the one and only place where setup_sce can return an error is also
where ics->max_sfb = 0; is cleaned up. It doesn't make sense that this
patch would do anything at all.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xA2FEA5F03F034464.asc
Type: application/pgp-keys
Size: 624 bytes
Desc: OpenPGP public key
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240801/542c5e65/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240801/542c5e65/attachment.sig>
More information about the ffmpeg-devel
mailing list