fenix
/
fdk-aac
mirror of https://github.com/mstorsjo/fdk-aac.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Don't use enums for values read directly from the bitstream 

The enums don't cover all possible values read from the bitstream.

This fixes undefined behaviour sanitizer errors.

Fixes: 27647/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5654559200116736
Fixes: 28193/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-4901213455515648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This commit is contained in:
Martin Storsjo 2021-01-14 15:36:03 +02:00
parent d284d42e71
commit d75500444a
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libMpegTPDec/src/tpdec_asc.cpp
View File

@ -1549,8 +1549,7 @@ static TRANSPORTDEC_ERROR extElementConfig(CSUsacExtElementConfig *extElement,
const AUDIO_OBJECT_TYPE aot) {
TRANSPORTDEC_ERROR ErrorStatus = TRANSPORTDEC_OK;
USAC_EXT_ELEMENT_TYPE usacExtElementType =
(USAC_EXT_ELEMENT_TYPE)escapedValue(hBs, 4, 8, 16);
int usacExtElementType = escapedValue(hBs, 4, 8, 16);
/* recurve extension elements which are invalid for USAC */
if (aot == AOT_USAC) {
@ -1567,7 +1566,7 @@ static TRANSPORTDEC_ERROR extElementConfig(CSUsacExtElementConfig *extElement,
}
}
extElement->usacExtElementType = usacExtElementType;
extElement->usacExtElementType = (USAC_EXT_ELEMENT_TYPE)usacExtElementType;
int usacExtElementConfigLength = escapedValue(hBs, 4, 8, 16);
extElement->usacExtElementConfigLength = (USHORT)usacExtElementConfigLength;
INT bsAnchor;
@ -1631,14 +1630,14 @@ static TRANSPORTDEC_ERROR configExtension(CSUsacConfig *usc,
TRANSPORTDEC_ERROR ErrorStatus = TRANSPORTDEC_OK;
int numConfigExtensions;
CONFIG_EXT_ID usacConfigExtType;
int usacConfigExtType;
int usacConfigExtLength;
numConfigExtensions = (int)escapedValue(hBs, 2, 4, 8) + 1;
for (int confExtIdx = 0; confExtIdx < numConfigExtensions; confExtIdx++) {
INT nbits;
int loudnessInfoSetConfigExtensionPosition = FDKgetValidBits(hBs);
usacConfigExtType = (CONFIG_EXT_ID)escapedValue(hBs, 4, 8, 16);
usacConfigExtType = escapedValue(hBs, 4, 8, 16);
usacConfigExtLength = (int)escapedValue(hBs, 4, 8, 16);
/* Start bit position of config extension */