From eb07c22519d94e573f2a02947094acd2219dc07a Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 5 Apr 2022 18:53:20 +0200 Subject: [PATCH 1/6] Reject invalid out of band config in transportDec_OutOfBandConfig() and skip re-allocation. Bug: 224314979 Bug: 221734266 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5461414938804224 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5062403589275648 Change-Id: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 Merged-In: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 --- libMpegTPDec/src/tpdec_lib.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index 506aed3..3603a77 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2022 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -351,6 +351,12 @@ TRANSPORTDEC_ERROR transportDec_OutOfBandConfig(HANDLE_TRANSPORTDEC hTp, } } } + + /* if an error is detected terminate config parsing to avoid that an invalid + * config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } if (err == TRANSPORTDEC_OK && fConfigFound) { From 6a3817573b089f01b13f4f3a195dda8a345d8fe0 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 5 Apr 2022 18:53:20 +0200 Subject: [PATCH 2/6] Reject invalid out of band config in transportDec_OutOfBandConfig() and skip re-allocation. Bug: 224314979 Bug: 221734266 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5461414938804224 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5062403589275648 Change-Id: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 Merged-In: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 --- libMpegTPDec/src/tpdec_lib.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index ca35184..a4c0521 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2022 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -351,6 +351,12 @@ TRANSPORTDEC_ERROR transportDec_OutOfBandConfig(HANDLE_TRANSPORTDEC hTp, } } } + + /* if an error is detected terminate config parsing to avoid that an invalid + * config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } if (err == TRANSPORTDEC_OK && fConfigFound) { From c650c88c62fce5a1027a0e30484164ac14e130d8 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 5 Apr 2022 18:53:20 +0200 Subject: [PATCH 3/6] Reject invalid out of band config in transportDec_OutOfBandConfig() and skip re-allocation. Bug: 224314979 Bug: 221734266 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5461414938804224 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5062403589275648 Change-Id: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 Merged-In: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 --- libMpegTPDec/src/tpdec_lib.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index 091d011..8cd9cb0 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2022 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -351,6 +351,12 @@ TRANSPORTDEC_ERROR transportDec_OutOfBandConfig(HANDLE_TRANSPORTDEC hTp, } } } + + /* if an error is detected terminate config parsing to avoid that an invalid + * config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } if (err == TRANSPORTDEC_OK && fConfigFound) { From 2768a078f34a4d6cdb05916ad0e1f02d4c73fb6b Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 5 Apr 2022 18:53:20 +0200 Subject: [PATCH 4/6] Reject invalid out of band config in transportDec_OutOfBandConfig() and skip re-allocation. Bug: 224314979 Bug: 221734266 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5461414938804224 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5062403589275648 Change-Id: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 Merged-In: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 --- libMpegTPDec/src/tpdec_lib.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index 091d011..8cd9cb0 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2022 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -351,6 +351,12 @@ TRANSPORTDEC_ERROR transportDec_OutOfBandConfig(HANDLE_TRANSPORTDEC hTp, } } } + + /* if an error is detected terminate config parsing to avoid that an invalid + * config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } if (err == TRANSPORTDEC_OK && fConfigFound) { From b297bcbf2a2950cce6dad473f236949a0003769c Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 5 Apr 2022 18:53:20 +0200 Subject: [PATCH 5/6] Reject invalid out of band config in transportDec_OutOfBandConfig() and skip re-allocation. Bug: 224314979 Bug: 221734266 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5461414938804224 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5062403589275648 Change-Id: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 Merged-In: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 --- libMpegTPDec/src/tpdec_lib.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index ca35184..a4c0521 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2022 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -351,6 +351,12 @@ TRANSPORTDEC_ERROR transportDec_OutOfBandConfig(HANDLE_TRANSPORTDEC hTp, } } } + + /* if an error is detected terminate config parsing to avoid that an invalid + * config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } if (err == TRANSPORTDEC_OK && fConfigFound) { From 23ef1ac38c2dae4cd755880fc8f98491efd26027 Mon Sep 17 00:00:00 2001 From: Fraunhofer IIS FDK Date: Tue, 5 Apr 2022 18:53:20 +0200 Subject: [PATCH 6/6] Reject invalid out of band config in transportDec_OutOfBandConfig() and skip re-allocation. Bug: 224314979 Bug: 221734266 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5461414938804224 Test: adb shell /data/fuzz/arm64/C2FuzzerAacDec/C2FuzzerAacDec /data/local/tmp/clusterfuzz-testcase-minimized-C2FuzzerAacDec-5062403589275648 Change-Id: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 Merged-In: I64e7fe1b258be2f59c6d39c0b7b699fa881d79e6 --- libMpegTPDec/src/tpdec_lib.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index 091d011..8cd9cb0 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2022 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -351,6 +351,12 @@ TRANSPORTDEC_ERROR transportDec_OutOfBandConfig(HANDLE_TRANSPORTDEC hTp, } } } + + /* if an error is detected terminate config parsing to avoid that an invalid + * config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } if (err == TRANSPORTDEC_OK && fConfigFound) {