max_sfb when first SCE fails

Lynne via ffmpeg-devel Thu, 01 Aug 2024 08:11:36 -0700

On 31/07/2024 21:54, Michael Niedermayer wrote:

Fixes: out of array access
Fixes: 
70734/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4741427068731392


Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
  libavcodec/aac/aacdec_usac.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c
index 82db65eb0d0..2938e693874 100644
--- a/libavcodec/aac/aacdec_usac.c
+++ b/libavcodec/aac/aacdec_usac.c
@@ -918,8 +918,10 @@ static int decode_usac_stereo_info(AACDecContext *ac, 
AACUSACConfig *usac,
          }

ret = setup_sce(ac, sce1, usac);

-        if (ret < 0)
+        if (ret < 0) {
+            ics2->max_sfb = 0;
              return ret;
+        }

ret = setup_sce(ac, sce2, usac);

          if (ret < 0)

Err, the one and only place where setup_sce can return an error is also where ics->max_sfb = 0; is cleaned up. It doesn't make sense that this patch would do anything at all.

OpenPGP_0xA2FEA5F03F034464.asc
Description: OpenPGP public key

OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/6] avcodec/aac/aacdec_usac: Clean ics2->max_sfb when first SCE fails

Reply via email to