aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Storsjo <martin@martin.st>2017-10-20 16:05:02 +0300
committerMartin Storsjo <martin@martin.st>2017-10-20 16:33:25 +0300
commitcf697df5ad1495f167181dec0976ee228bec6378 (patch)
tree94f8601c2745b9d9355c8182769bd638a5f31f1e
parentc366b3db8fd78013edc5968df8507473b6fa71e6 (diff)
downloadfdk-aac-cf697df5ad1495f167181dec0976ee228bec6378.tar.gz
fdk-aac-cf697df5ad1495f167181dec0976ee228bec6378.tar.bz2
fdk-aac-cf697df5ad1495f167181dec0976ee228bec6378.zip
Avoid reading out of bounds due to negative aaIccIndexMapped
Fixes: 3452/clusterfuzz-testcase-4898065225875456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Diffstat
-rw-r--r--libSBRdec/src/psdec.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/libSBRdec/src/psdec.cpp b/libSBRdec/src/psdec.cpp
index 965917a..88a79a4 100644
--- a/libSBRdec/src/psdec.cpp
+++ b/libSBRdec/src/psdec.cpp
@@ -944,7 +944,7 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
FIXP_SGL invL;
FIXP_DBL ScaleL, ScaleR;
- FIXP_DBL Alpha, Beta;
+ FIXP_DBL Alpha, Beta, AlphasValue;
FIXP_DBL h11r, h12r, h21r, h22r;
const FIXP_DBL *PScaleFactors;
@@ -1015,8 +1015,11 @@ void initSlotBasedRotation( HANDLE_PS_DEC h_ps_d, /*!< pointer to the module sta
ScaleR = PScaleFactors[noIidSteps + h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
ScaleL = PScaleFactors[noIidSteps - h_ps_d->specificTo.mpeg.coef.aaIidIndexMapped[env][bin]];
- Beta = fMult (fMult( Alphas[h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin]], ( ScaleR - ScaleL )), FIXP_SQRT05);
- Alpha = Alphas[h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin]]>>1;
+ AlphasValue = 0;
+ if (h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin] >= 0)
+ AlphasValue = Alphas[h_ps_d->specificTo.mpeg.coef.aaIccIndexMapped[env][bin]];
+ Beta = fMult (fMult( AlphasValue, ( ScaleR - ScaleL )), FIXP_SQRT05);
+ Alpha = AlphasValue>>1;
/* Alpha and Beta are now both scaled by 2 shifts right */
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 17:30:41 +0000