author | Martin Storsjo <martin@martin.st> | 2017-06-07 15:29:59 +0300 |
---|---|---|
committer | Martin Storsjo <martin@martin.st> | 2017-06-22 12:32:55 +0300 |
commit | af5863a78efdfccd003dd6bea68c4a2cd2ad9f37 (patch) | |
tree | 6e44b8a59846ab30bd64bd0348223170c5f1565e | |
parent | a9c8cb2cf64004a8d4089aef953734c6e98f7c52 (diff) | |
Re-fix "Stack-buffer-overflow in FDKmemset"
This probably doesn't fix the root cause, but at least fixes
the issues found in this particular fuzzed sample.
Compared to the previous fix in 39e13c1acbca94f562f9776e1555ced50dd0dfcd,
this doesn't break HE-AACv2 encoding, by allowing the case with
usb==no_channels.
Fixes: 1973/clusterfuzz-testcase-minimized-6319232084082688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-rw-r--r-- | libFDK/src/qmf.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libFDK/src/qmf.cpp b/libFDK/src/qmf.cpp index 54526dd..595fe94 100644 --- a/libFDK/src/qmf.cpp +++ b/libFDK/src/qmf.cpp @@ -791,6 +791,10 @@ qmfInverseModulationHQ( HANDLE_QMF_FILTER_BANK synQmf, /*!< Handle of Qmf Synth scaleValues(&tImag[0+synQmf->lsb], &qmfImag[0+synQmf->lsb], synQmf->usb-synQmf->lsb, scaleFactorHighBand); } + if (synQmf->usb > synQmf->no_channels) { + return; + } + FDKmemclear(&tReal[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF)); FDKmemclear(&tImag[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF)); |
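Review bot: the new `if (synQmf->usb > synQmf->no_channels) return;` guard sits after the `scaleValues(&tImag[0+synQmf->lsb], &qmfImag[0+synQmf->lsb], synQmf->usb-synQmf->lsb, ...)` call visible in the hunk context, so when `usb` exceeds `no_channels` that call has already walked `tImag`/`qmfImag` out to `usb` before the check runs; only the two `FDKmemclear` calls, whose `(synQmf->no_channels-synQmf->usb)` length would otherwise go negative and be passed as a huge size, are protected. Consider moving the check to the top of `qmfInverseModulationHQ`, or better, rejecting `usb > no_channels` where the QMF bandwidth is configured, since a bare `return` here silently drops the rest of the synthesis for the frame without signalling an error to the caller. The commit message already says this is not the root cause; a short comment at the guard stating that, and noting that `usb == no_channels` is deliberately allowed (zero-length clear, needed for HE-AACv2), would keep the next reader from "tightening" it back to `>=`.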