The enums don't cover all possible values read from the bitstream.
This fixes undefined behaviour sanitizer errors.
Fixes: 27647/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5654559200116736
Fixes: 28193/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-4901213455515648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
The enum doesn't cover all possible values read from the bitstream.
This fixes undefined behaviour sanitizer errors.
Fixes: 27624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-6049277318791168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
In the bug the SBR decoder has already set up 9 channels and tries to
allocate one more channel. The assignment of the QMF channels to SBR
channels fails since the QMF domain manages only 8+1 channels instead
of 10 channels as reqeusted by SBR.
Here we have added a check in sbrDecoder_InitElement() which will
return with a parse error in case additional SBR channels would exceed
the maximum number of SBR channels. This solves the potential heap
buffer overflow.
Bug: 158762825
Test: atest DecoderTestAacDrc DecoderTestAacFormat DecoderTestXheAac
Change-Id: I0150ac6d5a47ffce883010f531928656eebc619e
Merged-In: I0150ac6d5a47ffce883010f531928656eebc619e
(cherry picked from commit bb8f983bf36ee2ad8af6acebf4823a58060004ab)
Make sure that the shift amount is less than the size of the shifted
value, otherwise return the saturation max values (for left shift, if
the source values was nonzero) or zero (for right shift, or zero
shifted left).
Fixes: 24376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-6529411206348800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
The enum doesn't cover all possible values read from the bitstream.
This fixes undefined behaviour sanitizer errors.
Fixes: 23719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5111020367642624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
In this case, the enum only has one single allowed value, while the
bitstream can contain a number of different values.
Don't load the unchecked value into an enum variable, because
storing the disallowed values in the enum variable is undefined
behaviour. Instead store it in an int, until the value has been
verified to be the allowed one.
This fixes undefined behaviour sanitizer errors.
Fixes: 23192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5205702892322816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
The enum doesn't cover all possible values read from the bitstream.
This fixes undefined behaviour sanitizer errors.
Fixes: 22486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5735284884111360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
am skip reason: Change-Id I662ad951a3221f967b53e7af65cb203a4b4a5e5d with SHA-1 71c477bae4 is in history
Change-Id: Ib0f01bde91a3b106189590c9fb4eda78ebbd3bcb
