Dec 16, 2019, 23:19 by mich...@niedermayer.cc:
> Fixes: out of array read
> Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
Just zero the entire ATRAC9ChannelData->band_ext_data and return if !get_bits(gb, 5). That way mode 0 won't change the signal and modes 1, 2, 3 and 4 will have minimal effect. The 5 bits that are read are meant to correspond to the length (already known) of the band extension data to be read. I'm not sure what Sony were thinking if it's 0.

And ping me on IRC next time.
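The handling suggested in the reply, as an added constructed example that is not FFmpeg's atrac9dec.c: a minimal MSB-first bit reader, a hypothetical ChannelData struct and a hypothetical per-mode field-width table, with the parser zeroing band_ext_data and returning when the 5-bit length field is 0, and rejecting truncated or inconsistent payloads instead of reading past the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BAND_EXT_FIELDS 4           /* hypothetical field count per channel */

typedef struct { const uint8_t *buf; size_t size_bits, pos; } BitReader;

/* Read n (0..16) bits MSB-first; -1 signals a truncated buffer. */
static int get_bits(BitReader *gb, int n)
{
    unsigned v = 0;
    if (n < 0 || n > 16 || gb->pos + (size_t)n > gb->size_bits)
        return -1;
    for (int i = 0; i < n; i++, gb->pos++)
        v = (v << 1) | ((gb->buf[gb->pos >> 3] >> (7 - (gb->pos & 7))) & 1u);
    return (int)v;
}

typedef struct {
    int band_ext;                       /* mode 0..4, parsed earlier */
    int band_ext_data[BAND_EXT_FIELDS]; /* parameters read by this function */
} ChannelData;

/* Hypothetical per-mode field widths in bits (constructed for the example). */
static const int band_ext_width[5][BAND_EXT_FIELDS] = {
    {0, 0, 0, 0}, {5, 0, 0, 0}, {4, 4, 0, 0}, {3, 3, 3, 0}, {2, 2, 2, 2},
};

/* Returns 0 on success, -1 on truncated or inconsistent input. */
static int parse_band_ext(BitReader *gb, ChannelData *c)
{
    int declared = get_bits(gb, 5);     /* redundant payload length, in bits */
    size_t start;
    if (declared < 0 || c->band_ext < 0 || c->band_ext > 4)
        return -1;
    if (declared == 0) {
        /* Zero length: leave the signal untouched instead of trusting a
         * bogus count; mode 0 is then a no-op and modes 1-4 see zeros. */
        memset(c->band_ext_data, 0, sizeof(c->band_ext_data));
        return 0;
    }
    start = gb->pos;
    for (int i = 0; i < BAND_EXT_FIELDS; i++) {
        int w = band_ext_width[c->band_ext][i];
        int v = w ? get_bits(gb, w) : 0;  /* get_bits bounds every read */
        if (v < 0)
            return -1;
        c->band_ext_data[i] = v;
    }
    /* The declared length must match what the mode table implies. */
    return (gb->pos - start == (size_t)declared) ? 0 : -1;
}
```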