fenix
/
fdk-aac
mirror of https://github.com/mstorsjo/fdk-aac.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add tighter sanity checks in CBlock_GetEscape 

We can't read 31 bits of value here, since that would place the
topmost bit in the sign bit.

Fixes: 3480/clusterfuzz-testcase-4573445423628288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This commit is contained in:
Martin Storsjo 2017-10-20 15:36:53 +03:00
parent e2e35b8273
commit c366b3db8f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libAACdec/src/block.cpp
View File

@ -138,7 +138,7 @@ LONG CBlock_GetEscape(HANDLE_FDK_BITSTREAM bs, /*!< pointer to bitstream */
if (i > 16)
{
if (i - 16 > CACHE_BITS) { /* cannot read more than "CACHE_BITS" bits at once in the function FDKreadBits() */
if (i >= 31) { /* (1 << i) will shift into the sign bit if i >= 31 */
return (MAX_QUANTIZED_VALUE + 1); /* returning invalid value that will be captured later */
}