[FFmpeg-cvslog] avcodec/atrac9dec: Check that the reused block has succeeded initilization
ffmpeg | branch: release/4.1 | Michael Niedermayer |
Sun Jun 16 20:56:20 2019 +0200| [3d1903acfee865935b73957e1b4df5ae090c93f9] |
committer: Michael Niedermayer
avcodec/atrac9dec: Check that the reused block has succeeded initilization
Fixes: global-buffer-overflow
Fixes:
15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit ac9af7e9a5befa8a554bacbcc59ab2f11203d85e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d1903acfee865935b73957e1b4df5ae090c93f9
---
libavcodec/atrac9dec.c | 8
1 file changed, 8 insertions(+)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 805d46f3b8..11b683d136 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -71,6 +71,8 @@ typedef struct ATRAC9BlockData {
int cpe_base_channel;
int is_signs[30];
+int reuseable;
+
} ATRAC9BlockData;
typedef struct ATRAC9Context {
@@ -668,6 +670,7 @@ static int atrac9_decode_block(ATRAC9Context *s,
GetBitContext *gb,
if (!reuse_params) {
int stereo_band, ext_band;
const int min_band_count = s->samplerate_idx > 7 ? 1 : 3;
+b->reuseable = 0;
b->band_count = get_bits(gb, 4) + min_band_count;
b->q_unit_cnt = at9_tab_band_q_unit_map[b->band_count];
@@ -699,6 +702,11 @@ static int atrac9_decode_block(ATRAC9Context *s,
GetBitContext *gb,
}
b->band_ext_q_unit = at9_tab_band_q_unit_map[ext_band];
}
+b->reuseable = 1;
+}
+if (!b->reuseable) {
+av_log(s->avctx, AV_LOG_ERROR, "invalid block reused!\n");
+return AVERROR_INVALIDDATA;
}
/* Calculate bit alloc gradient */
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/atrac9dec: Check that the reused block has succeeded initilization
ffmpeg | branch: master | Michael Niedermayer | Sun
Jun 16 20:56:20 2019 +0200| [ac9af7e9a5befa8a554bacbcc59ab2f11203d85e] |
committer: Michael Niedermayer
avcodec/atrac9dec: Check that the reused block has succeeded initilization
Fixes: global-buffer-overflow
Fixes:
15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac9af7e9a5befa8a554bacbcc59ab2f11203d85e
---
libavcodec/atrac9dec.c | 8
1 file changed, 8 insertions(+)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 894c70c7fc..08fe483e39 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -71,6 +71,8 @@ typedef struct ATRAC9BlockData {
int cpe_base_channel;
int is_signs[30];
+int reuseable;
+
} ATRAC9BlockData;
typedef struct ATRAC9Context {
@@ -668,6 +670,7 @@ static int atrac9_decode_block(ATRAC9Context *s,
GetBitContext *gb,
if (!reuse_params) {
int stereo_band, ext_band;
const int min_band_count = s->samplerate_idx > 7 ? 1 : 3;
+b->reuseable = 0;
b->band_count = get_bits(gb, 4) + min_band_count;
b->q_unit_cnt = at9_tab_band_q_unit_map[b->band_count];
@@ -699,6 +702,11 @@ static int atrac9_decode_block(ATRAC9Context *s,
GetBitContext *gb,
}
b->band_ext_q_unit = at9_tab_band_q_unit_map[ext_band];
}
+b->reuseable = 1;
+}
+if (!b->reuseable) {
+av_log(s->avctx, AV_LOG_ERROR, "invalid block reused!\n");
+return AVERROR_INVALIDDATA;
}
/* Calculate bit alloc gradient */
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
