[FFmpeg-devel] [PATCH 4/6] avcodec/aac/aacdec_usac: Clean ics2->max_sfb when first SCE fails
Michael Niedermayer
michael at niedermayer.cc
Wed Jul 31 22:54:08 EEST 2024
Fixes: out of array access
Fixes: 70734/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4741427068731392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/aac/aacdec_usac.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c
index 82db65eb0d0..2938e693874 100644
--- a/libavcodec/aac/aacdec_usac.c
+++ b/libavcodec/aac/aacdec_usac.c
@@ -918,8 +918,10 @@ static int decode_usac_stereo_info(AACDecContext *ac, AACUSACConfig *usac,
}
ret = setup_sce(ac, sce1, usac);
- if (ret < 0)
+ if (ret < 0) {
+ ics2->max_sfb = 0;
return ret;
+ }
ret = setup_sce(ac, sce2, usac);
if (ret < 0)
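Review bot: the new `ics2->max_sfb = 0;` in the `setup_sce(ac, sce1, usac)` error branch carries no comment explaining why the second channel's ICS field has to be reset when the first SCE fails, and the `setup_sce(ac, sce2, usac)` failure check directly below gets no matching cleanup in this hunk. A one-line comment naming the stale state being cleared would make the fix understandable without the fuzzer testcase. The visible lines do not show what follows that second check, so it is also worth confirming whether the sce2 failure path can leave `max_sfb` in the same inconsistent state. If it can, either mirror the reset there or do the reset once before the first `setup_sce()` call so both error returns are covered.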
--
2.45.2