authorMartin Storsjo <martin@martin.st>2017-06-07 15:29:59 +0300
committerMartin Storsjo <martin@martin.st>2017-06-22 12:32:55 +0300
commitaf5863a78efdfccd003dd6bea68c4a2cd2ad9f37 (patch)
tree6e44b8a59846ab30bd64bd0348223170c5f1565e
parenta9c8cb2cf64004a8d4089aef953734c6e98f7c52 (diff)
downloadfdk-aac-af5863a78efdfccd003dd6bea68c4a2cd2ad9f37.tar.gz
fdk-aac-af5863a78efdfccd003dd6bea68c4a2cd2ad9f37.tar.bz2
fdk-aac-af5863a78efdfccd003dd6bea68c4a2cd2ad9f37.zip
Re-fix "Stack-buffer-overflow in FDKmemset"
This probably doesn't fix the root cause, but at least fixes the issues found in this particular fuzzed sample. Compared to the previous fix in 39e13c1acbca94f562f9776e1555ced50dd0dfcd, this doesn't break HE-AACv2 encoding, by allowing the case with usb==no_channels. Fixes: 1973/clusterfuzz-testcase-minimized-6319232084082688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-rw-r--r--libFDK/src/qmf.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/libFDK/src/qmf.cpp b/libFDK/src/qmf.cpp
index 54526dd..595fe94 100644
--- a/libFDK/src/qmf.cpp
+++ b/libFDK/src/qmf.cpp
@@ -791,6 +791,10 @@ qmfInverseModulationHQ( HANDLE_QMF_FILTER_BANK synQmf, /*!< Handle of Qmf Synth
scaleValues(&tImag[0+synQmf->lsb], &qmfImag[0+synQmf->lsb], synQmf->usb-synQmf->lsb, scaleFactorHighBand);
}
+ if (synQmf->usb > synQmf->no_channels) {
+ return;
+ }
+
FDKmemclear(&tReal[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF));
FDKmemclear(&tImag[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF));