Don't use an enum for a value read directly from the bitstream

The enum only defined values 1-7, while the variable can be set
to any value between 0 and 15 that is read from the bitstream
by FDKreadBits(hBs, 4).

This fixes undefined behaviour sanitizer errors.

Fixes: 19500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5730449188192256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Martin Storsjo 2020-01-09 10:21:19 +02:00
parent 10fcf89a3e
commit 28fcbe9fae
1 changed files with 2 additions and 2 deletions


@ -911,7 +911,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) {
firFilterOrder; firFilterOrder;
int uniqueEqSubbandGainsCount, eqSubbandGainRepresentation, int uniqueEqSubbandGainsCount, eqSubbandGainRepresentation,
eqSubbandGainCount; eqSubbandGainCount;
EQ_SUBBAND_GAIN_FORMAT eqSubbandGainFormat; int eqSubbandGainFormat;
eqDelayMaxPresent = FDKreadBits(hBs, 1); eqDelayMaxPresent = FDKreadBits(hBs, 1);
if (eqDelayMaxPresent) { if (eqDelayMaxPresent) {
@ -952,7 +952,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) {
uniqueEqSubbandGainsCount = FDKreadBits(hBs, 6); uniqueEqSubbandGainsCount = FDKreadBits(hBs, 6);
if (uniqueEqSubbandGainsCount > 0) { if (uniqueEqSubbandGainsCount > 0) {
eqSubbandGainRepresentation = FDKreadBits(hBs, 1); eqSubbandGainRepresentation = FDKreadBits(hBs, 1);
eqSubbandGainFormat = (EQ_SUBBAND_GAIN_FORMAT)FDKreadBits(hBs, 4); eqSubbandGainFormat = FDKreadBits(hBs, 4);
switch (eqSubbandGainFormat) { switch (eqSubbandGainFormat) {
case GF_QMF32: case GF_QMF32:
eqSubbandGainCount = 32; eqSubbandGainCount = 32;
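Review bot: After this change `switch (eqSubbandGainFormat)` receives any value 0-15 straight from `FDKreadBits(hBs, 4)`, but the hunk ends at `case GF_QMF32:` and does not show whether the switch has a `default:` arm. If it has none, the values without an enumerator (0 and 8-15, going by the commit message) would presumably leave `eqSubbandGainCount` unset for any later use in `_skipEqCoefficients`. That is worth confirming, with a `default:` that assigns a defined count or stops skipping. The new declaration also deserves a comment so a later cleanup does not restore the enum type, e.g. `int eqSubbandGainFormat; /* raw 4-bit field; may hold values with no EQ_SUBBAND_GAIN_FORMAT enumerator */`. The function body starts before the first hunk and continues past the second.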