[FFmpeg-devel] [PATCH 4/6] avcodec/aac/aacdec_usac: Clean ics2->max_sfb when first SCE fails

Michael Niedermayer michael at niedermayer.cc
Wed Jul 31 22:54:08 EEST 2024


Fixes: out of array access
Fixes: 70734/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4741427068731392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/aac/aacdec_usac.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c
index 82db65eb0d0..2938e693874 100644
--- a/libavcodec/aac/aacdec_usac.c
+++ b/libavcodec/aac/aacdec_usac.c
@@ -918,8 +918,10 @@ static int decode_usac_stereo_info(AACDecContext *ac, AACUSACConfig *usac,
         }
 
         ret = setup_sce(ac, sce1, usac);
-        if (ret < 0)
+        if (ret < 0) {
+            ics2->max_sfb = 0;
             return ret;
+        }
 
         ret = setup_sce(ac, sce2, usac);
         if (ret < 0)
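Review bot: The reset of `ics2->max_sfb` is only applied on the first `setup_sce(ac, sce1, usac)` failure path, while the second call `ret = setup_sce(ac, sce2, usac); if (ret < 0)` at the end of the hunk keeps a bare return with no visible clearing of state; if `max_sfb` is a stale loop bound that later code trusts, it would be worth confirming that the second failure path leaves both channels' `ics` in a consistent state too (or that `setup_sce` itself resets `max_sfb` on error for the element it was given). A one-line comment above `ics2->max_sfb = 0;` explaining that a later pass reads `max_sfb` even after an error return would also help future readers understand why this field specifically must be cleared.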
-- 
2.45.2
