aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Storsjo <martin@martin.st>2017-11-20 12:35:32 +0200
committerMartin Storsjo <martin@martin.st>2017-11-20 12:36:46 +0200
commit56c717e223a161b11f523de97dae51c5cccd6b52 (patch)
tree4d92bac23b3f124580ad1e5163fb630007fe51e0
parent1e3515e03e2dbdbd48dacc31ef75d25c201a4c51 (diff)
downloadfdk-aac-56c717e223a161b11f523de97dae51c5cccd6b52.tar.gz
fdk-aac-56c717e223a161b11f523de97dae51c5cccd6b52.tar.bz2
fdk-aac-56c717e223a161b11f523de97dae51c5cccd6b52.zip
Avoid reading out of bounds due to too large aaIidIndexMapped
Fixes: 4151/clusterfuzz-testcase-4854089193095168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-rw-r--r--libSBRdec/src/psdec.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/libSBRdec/src/psdec.cpp b/libSBRdec/src/psdec.cpp
index 88a79a4..1729f90 100644
--- a/libSBRdec/src/psdec.cpp
+++ b/libSBRdec/src/psdec.cpp
@@ -938,7 +938,7 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
INT group = 0;
INT bin = 0;
- INT noIidSteps;
+ INT noIidSteps, noFactors;
/* const UCHAR *pQuantizedIIDs;*/
@@ -984,6 +984,7 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
{
PScaleFactors = ScaleFactorsFine; /* values are shiftet right by one */
noIidSteps = NO_IID_STEPS_FINE;
+ noFactors = NO_IID_LEVELS_FINE;
/*pQuantizedIIDs = quantizedIIDsFine;*/
}
@@ -991,6 +992,7 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
{
PScaleFactors = ScaleFactors; /* values are shiftet right by one */
noIidSteps = NO_IID_STEPS;
+ noFactors = NO_IID_LEVELS;
/*pQuantizedIIDs = quantizedIIDs;*/
}
@@ -1012,8 +1014,11 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
/* ScaleR and ScaleL are scaled by 1 shift right */
- ScaleR = PScaleFactors[noIidSteps + h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
- ScaleL = PScaleFactors[noIidSteps - h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
+ ScaleL = ScaleR = 0;
+ if (noIidSteps + h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin] >= 0 && noIidSteps + h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin] < noFactors)
+ ScaleR = PScaleFactors[noIidSteps + h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
+ if (noIidSteps - h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin] >= 0 && noIidSteps - h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin] < noFactors)
+ ScaleL = PScaleFactors[noIidSteps - h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
AlphasValue = 0;
if (h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin] >= 0)