authorMartin Storsjo <martin@martin.st>2017-06-07 15:29:59 +0300
committerMartin Storsjo <martin@martin.st>2017-06-12 23:44:59 +0300
commit39e13c1acbca94f562f9776e1555ced50dd0dfcd (patch)
tree50d5a6a78d36b89dda17bb4c05aec01184443ae0
parentd2fa9750d5f5cc5099ed616f762aad36cf2d3e9a (diff)
Fix "Stack-buffer-overflow in FDKmemset"
This probably doesn't fix the root cause, but at least fixes the issues found in this particular fuzzed sample. Fixes: 1973/clusterfuzz-testcase-minimized-6319232084082688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-rw-r--r--libFDK/src/qmf.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/libFDK/src/qmf.cpp b/libFDK/src/qmf.cpp
index 54526dd..13e6ff2 100644
--- a/libFDK/src/qmf.cpp
+++ b/libFDK/src/qmf.cpp
@@ -791,6 +791,10 @@ qmfInverseModulationHQ( HANDLE_QMF_FILTER_BANK synQmf, /*!< Handle of Qmf Synth
scaleValues(&tImag[0+synQmf->lsb], &qmfImag[0+synQmf->lsb], synQmf->usb-synQmf->lsb, scaleFactorHighBand);
}
+ if (synQmf->usb >= synQmf->no_channels) {
+ return;
+ }
+
FDKmemclear(&tReal[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF));
FDKmemclear(&tImag[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF));