[FFmpeg-cvslog] avcodec/aacdec_template: Clear tns present flag on error

2018-01-31 Thread Michael Niedermayer 
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Sat Sep 30 18:54:05 2017 +0200| [1ad7bbfd210d072a7f0fc3ee22b00a8e665a65dc] | 
committer: Michael Niedermayer

avcodec/aacdec_template: Clear tns present flag on error

Fixes: 3444/clusterfuzz-testcase-minimized-6270352105668608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dcf9bae4a93f54cb5767bc97db4a809efd396f8b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ad7bbfd210d072a7f0fc3ee22b00a8e665a65dc
---

 libavcodec/aacdec_template.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index aca553ecbd..1f87bb8ad1 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1929,16 +1929,17 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 global_gain = get_bits(gb, 8);
 
 if (!common_window && !scale_flag) {
-if (decode_ics_info(ac, ics, gb) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_ics_info(ac, ics, gb);
+if (ret < 0)
+goto fail;
 }
 
 if ((ret = decode_band_types(ac, sce->band_type,
  sce->band_type_run_end, gb, ics)) < 0)
-return ret;
+goto fail;
 if ((ret = decode_scalefactors(ac, sce->sf, gb, global_gain, ics,
   sce->band_type, sce->band_type_run_end)) < 0)
-return ret;
+goto fail;
 
 pulse_present = 0;
 if (!scale_flag) {
@@ -1946,37 +1947,48 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse tool not allowed in eight short sequence.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 if (decode_pulses(, gb, ics->swb_offset, ics->num_swb)) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse data corrupt or invalid.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 }
 tns->present = get_bits1(gb);
-if (tns->present && !er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && !er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 if (!eld_syntax && get_bits1(gb)) {
 avpriv_request_sample(ac->avctx, "SSR");
-return AVERROR_PATCHWELCOME;
+ret = AVERROR_PATCHWELCOME;
+goto fail;
 }
 // I see no textual basis in the spec for this occurring after SSR gain
 // control, but this is what both reference and real implmentations do
-if (tns->present && er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 }
 
-if (decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
-, ics, sce->band_type) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
+, ics, sce->band_type);
+if (ret < 0)
+goto fail;
 
 if (ac->oc[1].m4ac.object_type == AOT_AAC_MAIN && !common_window)
 apply_prediction(ac, sce);
 
 return 0;
+fail:
+tns->present = 0;
+return ret;
 }
 
 /**

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/aacdec_template: Clear tns present flag on error

2017-10-26 Thread Michael Niedermayer 
ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Sep 30 18:54:05 2017 +0200| [d9630deca42950ba5c2891ceb6a27877663a0c28] | 
committer: Michael Niedermayer

avcodec/aacdec_template: Clear tns present flag on error

Fixes: 3444/clusterfuzz-testcase-minimized-6270352105668608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dcf9bae4a93f54cb5767bc97db4a809efd396f8b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d9630deca42950ba5c2891ceb6a27877663a0c28
---

 libavcodec/aacdec_template.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index d6880c90db..e63324d87d 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1945,16 +1945,17 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 global_gain = get_bits(gb, 8);
 
 if (!common_window && !scale_flag) {
-if (decode_ics_info(ac, ics, gb) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_ics_info(ac, ics, gb);
+if (ret < 0)
+goto fail;
 }
 
 if ((ret = decode_band_types(ac, sce->band_type,
  sce->band_type_run_end, gb, ics)) < 0)
-return ret;
+goto fail;
 if ((ret = decode_scalefactors(ac, sce->sf, gb, global_gain, ics,
   sce->band_type, sce->band_type_run_end)) < 0)
-return ret;
+goto fail;
 
 pulse_present = 0;
 if (!scale_flag) {
@@ -1962,37 +1963,48 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse tool not allowed in eight short sequence.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 if (decode_pulses(, gb, ics->swb_offset, ics->num_swb)) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse data corrupt or invalid.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 }
 tns->present = get_bits1(gb);
-if (tns->present && !er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && !er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 if (!eld_syntax && get_bits1(gb)) {
 avpriv_request_sample(ac->avctx, "SSR");
-return AVERROR_PATCHWELCOME;
+ret = AVERROR_PATCHWELCOME;
+goto fail;
 }
 // I see no textual basis in the spec for this occurring after SSR gain
 // control, but this is what both reference and real implmentations do
-if (tns->present && er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 }
 
-if (decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
-, ics, sce->band_type) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
+, ics, sce->band_type);
+if (ret < 0)
+goto fail;
 
 if (ac->oc[1].m4ac.object_type == AOT_AAC_MAIN && !common_window)
 apply_prediction(ac, sce);
 
 return 0;
+fail:
+tns->present = 0;
+return ret;
 }
 
 /**

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/aacdec_template: Clear tns present flag on error

2017-10-26 Thread Michael Niedermayer 
ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sat Sep 30 18:54:05 2017 +0200| [d0e4c3410c90d9311009b6c7105d11d4abf45f7b] | 
committer: Michael Niedermayer

avcodec/aacdec_template: Clear tns present flag on error

Fixes: 3444/clusterfuzz-testcase-minimized-6270352105668608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dcf9bae4a93f54cb5767bc97db4a809efd396f8b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0e4c3410c90d9311009b6c7105d11d4abf45f7b
---

 libavcodec/aacdec_template.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index 13a342784e..3cb8f32403 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1941,16 +1941,17 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 global_gain = get_bits(gb, 8);
 
 if (!common_window && !scale_flag) {
-if (decode_ics_info(ac, ics, gb) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_ics_info(ac, ics, gb);
+if (ret < 0)
+goto fail;
 }
 
 if ((ret = decode_band_types(ac, sce->band_type,
  sce->band_type_run_end, gb, ics)) < 0)
-return ret;
+goto fail;
 if ((ret = decode_scalefactors(ac, sce->sf, gb, global_gain, ics,
   sce->band_type, sce->band_type_run_end)) < 0)
-return ret;
+goto fail;
 
 pulse_present = 0;
 if (!scale_flag) {
@@ -1958,37 +1959,48 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse tool not allowed in eight short sequence.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 if (decode_pulses(, gb, ics->swb_offset, ics->num_swb)) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse data corrupt or invalid.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 }
 tns->present = get_bits1(gb);
-if (tns->present && !er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && !er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 if (!eld_syntax && get_bits1(gb)) {
 avpriv_request_sample(ac->avctx, "SSR");
-return AVERROR_PATCHWELCOME;
+ret = AVERROR_PATCHWELCOME;
+goto fail;
 }
 // I see no textual basis in the spec for this occurring after SSR gain
 // control, but this is what both reference and real implmentations do
-if (tns->present && er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 }
 
-if (decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
-, ics, sce->band_type) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
+, ics, sce->band_type);
+if (ret < 0)
+goto fail;
 
 if (ac->oc[1].m4ac.object_type == AOT_AAC_MAIN && !common_window)
 apply_prediction(ac, sce);
 
 return 0;
+fail:
+tns->present = 0;
+return ret;
 }
 
 /**

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/aacdec_template: Clear tns present flag on error

2017-10-26 Thread Michael Niedermayer 
ffmpeg | branch: release/3.3 | Michael Niedermayer  | 
Sat Sep 30 18:54:05 2017 +0200| [4768b30b5bdf02cbfa6235f167ed2246009ed6f4] | 
committer: Michael Niedermayer

avcodec/aacdec_template: Clear tns present flag on error

Fixes: 3444/clusterfuzz-testcase-minimized-6270352105668608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dcf9bae4a93f54cb5767bc97db4a809efd396f8b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4768b30b5bdf02cbfa6235f167ed2246009ed6f4
---

 libavcodec/aacdec_template.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index e6f0a36f61..6a93aed2e8 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1967,16 +1967,17 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 global_gain = get_bits(gb, 8);
 
 if (!common_window && !scale_flag) {
-if (decode_ics_info(ac, ics, gb) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_ics_info(ac, ics, gb);
+if (ret < 0)
+goto fail;
 }
 
 if ((ret = decode_band_types(ac, sce->band_type,
  sce->band_type_run_end, gb, ics)) < 0)
-return ret;
+goto fail;
 if ((ret = decode_scalefactors(ac, sce->sf, gb, global_gain, ics,
   sce->band_type, sce->band_type_run_end)) < 0)
-return ret;
+goto fail;
 
 pulse_present = 0;
 if (!scale_flag) {
@@ -1984,37 +1985,48 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse tool not allowed in eight short sequence.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 if (decode_pulses(, gb, ics->swb_offset, ics->num_swb)) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse data corrupt or invalid.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 }
 tns->present = get_bits1(gb);
-if (tns->present && !er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && !er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 if (!eld_syntax && get_bits1(gb)) {
 avpriv_request_sample(ac->avctx, "SSR");
-return AVERROR_PATCHWELCOME;
+ret = AVERROR_PATCHWELCOME;
+goto fail;
 }
 // I see no textual basis in the spec for this occurring after SSR gain
 // control, but this is what both reference and real implmentations do
-if (tns->present && er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 }
 
-if (decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
-, ics, sce->band_type) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
+, ics, sce->band_type);
+if (ret < 0)
+goto fail;
 
 if (ac->oc[1].m4ac.object_type == AOT_AAC_MAIN && !common_window)
 apply_prediction(ac, sce);
 
 return 0;
+fail:
+tns->present = 0;
+return ret;
 }
 
 /**

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/aacdec_template: Clear tns present flag on error

2017-10-03 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Sep 30 18:54:05 2017 +0200| [dcf9bae4a93f54cb5767bc97db4a809efd396f8b] | 
committer: Michael Niedermayer

avcodec/aacdec_template: Clear tns present flag on error

Fixes: 3444/clusterfuzz-testcase-minimized-6270352105668608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dcf9bae4a93f54cb5767bc97db4a809efd396f8b
---

 libavcodec/aacdec_template.c | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index 3558f1f550..082cc908d2 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1999,16 +1999,17 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 global_gain = get_bits(gb, 8);
 
 if (!common_window && !scale_flag) {
-if (decode_ics_info(ac, ics, gb) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_ics_info(ac, ics, gb);
+if (ret < 0)
+goto fail;
 }
 
 if ((ret = decode_band_types(ac, sce->band_type,
  sce->band_type_run_end, gb, ics)) < 0)
-return ret;
+goto fail;
 if ((ret = decode_scalefactors(ac, sce->sf, gb, global_gain, ics,
   sce->band_type, sce->band_type_run_end)) < 0)
-return ret;
+goto fail;
 
 pulse_present = 0;
 if (!scale_flag) {
@@ -2016,37 +2017,48 @@ static int decode_ics(AACContext *ac, 
SingleChannelElement *sce,
 if (ics->window_sequence[0] == EIGHT_SHORT_SEQUENCE) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse tool not allowed in eight short sequence.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 if (decode_pulses(, gb, ics->swb_offset, ics->num_swb)) {
 av_log(ac->avctx, AV_LOG_ERROR,
"Pulse data corrupt or invalid.\n");
-return AVERROR_INVALIDDATA;
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 }
 tns->present = get_bits1(gb);
-if (tns->present && !er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && !er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 if (!eld_syntax && get_bits1(gb)) {
 avpriv_request_sample(ac->avctx, "SSR");
-return AVERROR_PATCHWELCOME;
+ret = AVERROR_PATCHWELCOME;
+goto fail;
 }
 // I see no textual basis in the spec for this occurring after SSR gain
 // control, but this is what both reference and real implmentations do
-if (tns->present && er_syntax)
-if (decode_tns(ac, tns, gb, ics) < 0)
-return AVERROR_INVALIDDATA;
+if (tns->present && er_syntax) {
+ret = decode_tns(ac, tns, gb, ics);
+if (ret < 0)
+goto fail;
+}
 }
 
-if (decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
-, ics, sce->band_type) < 0)
-return AVERROR_INVALIDDATA;
+ret = decode_spectrum_and_dequant(ac, out, gb, sce->sf, pulse_present,
+, ics, sce->band_type);
+if (ret < 0)
+goto fail;
 
 if (ac->oc[1].m4ac.object_type == AOT_AAC_MAIN && !common_window)
 apply_prediction(ac, sce);
 
 return 0;
+fail:
+tns->present = 0;
+return ret;
 }
 
 /**

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog