On Sun, Aug 20, 2017 at 5:15 PM, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > Fixes: out of array read > Fixes: 2873/clusterfuzz-testcase-minimized-5924145713905664 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/aacdec_template.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c > index a539f74e6f..e7fa27e8db 100644 > --- a/libavcodec/aacdec_template.c > +++ b/libavcodec/aacdec_template.c > @@ -1332,7 +1332,7 @@ static int decode_ics_info(AACContext *ac, > IndividualChannelStream *ics, > ics->tns_max_bands = ff_tns_max_bands_512[sampling_index]; > } > if (!ics->num_swb || !ics->swb_offset) > - return AVERROR_BUG; > + goto fail; > } else { > ics->swb_offset = ff_swb_offset_1024[sampling_index]; > ics->num_swb = ff_aac_num_swb_1024[sampling_index];
okay > @@ -1356,7 +1356,7 @@ static int decode_ics_info(AACContext *ac, > IndividualChannelStream *ics, > if (aot == AOT_ER_AAC_LD) { > av_log(ac->avctx, AV_LOG_ERROR, > "LTP in ER AAC LD not yet implemented.\n"); > - return AVERROR_PATCHWELCOME; > + goto fail; > } > if ((ics->ltp.present = get_bits(gb, 1))) > decode_ltp(&ics->ltp, gb, ics->max_sfb); I'm not sure if it matters to anyone, but this is a missing decoder feature and returning AVERROR_INVALIDDATA is semantically wrong. > -- > 2.14.1
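Review bot: In the first hunk (@@ -1332), under `if (!ics->num_swb || !ics->swb_offset)`, the change from `return AVERROR_BUG;` to `goto fail;` is not explained by the commit message. The message says only "Fixes: out of array read", and the `fail` label lies outside the visible context. Please add a sentence saying which `ics` state the early return left in place and how the `fail` path resets it, so the link between this jump and the out-of-array read is on record. If `fail` returns one fixed code, this path also stops reporting `AVERROR_BUG` for what the old code treated as an internal inconsistency. Setting a local such as `ret = AVERROR_BUG;` before the jump and returning `ret` at the label would keep that signal.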
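Review bot: In the second hunk (@@ -1356), inside the `aot == AOT_ER_AAC_LD` branch, `goto fail;` now follows the log line "LTP in ER AAC LD not yet implemented." but the function no longer returns `AVERROR_PATCHWELCOME`. The log text and the return value therefore disagree whenever `fail` yields a generic error, which the reply in this thread indicates is `AVERROR_INVALIDDATA`. Callers can then no longer tell an unsupported feature from a corrupt stream. Suggest keeping the cleanup while preserving the code, for example `ret = AVERROR_PATCHWELCOME; goto fail;` with the label returning `ret`, assuming the function has or can take such a local.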