fenix/fdk-aac
1
0
Fork 0
mirror of https://github.com/mstorsjo/fdk-aac.git synced 2025-03-12 22:00:03 +01:00
Code Issues Projects Releases Wiki Activity

Avoid reading out of bounds due to negative aaIccIndexMapped

Browse Source 
Fixes: 3452/clusterfuzz-testcase-4898065225875456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This commit is contained in:
Martin Storsjo 2017-10-20 16:05:02 +03:00
parent c366b3db8f
commit cf697df5ad
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libSBRdec/src/psdec.cpp
View File

@ -944,7 +944,7 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
FIXP_SGL invL;
FIXP_DBL ScaleL, ScaleR;
FIXP_DBL Alpha, Beta;
FIXP_DBL Alpha, Beta, AlphasValue;
FIXP_DBL h11r, h12r, h21r, h22r;
const FIXP_DBL *PScaleFactors;
@ -1015,8 +1015,11 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
ScaleR = PScaleFactors[noIidSteps + h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
ScaleL = PScaleFactors[noIidSteps - h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
Beta = fMult (fMult( Alphas[h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin]], ( ScaleR - ScaleL )), FIXP_SQRT05);
Alpha = Alphas[h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin]]>>1;
AlphasValue = 0;
if (h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin] >= 0)
AlphasValue = Alphas[h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin]];
Beta = fMult (fMult( AlphasValue, ( ScaleR - ScaleL )), FIXP_SQRT05);
Alpha = AlphasValue>>1;
/* Alpha and Beta are now both scaled by 2 shifts right */