fenix
/
fdk-aac
mirror of https://github.com/mstorsjo/fdk-aac.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Don't store a value read directly from the bitstream in an enum 

In this case, the enum only has one single allowed value, while the
bitstream can contain a number of different values.

Don't load the unchecked value into an enum variable, because
storing the disallowed values in the enum variable is undefined
behaviour. Instead store it in an int, until the value has been
verified to be the allowed one.

This fixes undefined behaviour sanitizer errors.

Fixes: 23192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5205702892322816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This commit is contained in:
Martin Storsjo 2020-06-12 10:29:11 +03:00
parent 5aa57d3633
commit 845febbb4a
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libSACdec/src/sac_bitdec.cpp
View File

@ -448,6 +448,7 @@ SACDEC_ERROR SpatialDecParseSpecificConfig(
int bsFreqRes, b3DaudioMode = 0;
int numHeaderBits;
int cfgStartPos, bitsAvailable;
int treeConfig;
FDKmemclear(pSpatialSpecificConfig, sizeof(SPATIAL_SPECIFIC_CONFIG));
@ -488,13 +489,13 @@ SACDEC_ERROR SpatialDecParseSpecificConfig(
pSpatialSpecificConfig->freqRes =
(SPATIALDEC_FREQ_RES)freqResTable_LD[bsFreqRes];
pSpatialSpecificConfig->treeConfig =
(SPATIALDEC_TREE_CONFIG)FDKreadBits(bitstream, 4);
treeConfig = FDKreadBits(bitstream, 4);
if (pSpatialSpecificConfig->treeConfig != SPATIALDEC_MODE_RSVD7) {
if (treeConfig != SPATIALDEC_MODE_RSVD7) {
err = MPS_UNSUPPORTED_CONFIG;
goto bail;
}
pSpatialSpecificConfig->treeConfig = (SPATIALDEC_TREE_CONFIG) treeConfig;
{
pSpatialSpecificConfig->nOttBoxes =