Avoid index-out-of-bounds in processDrcTime

Fixes: 17638/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5699860921057280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
author: Martin Storsjo <martin@martin.st> 2019-10-02 13:32:57 +0300
committer: Martin Storsjo <martin@martin.st> 2019-10-02 13:32:57 +0300
commit: 3b9dd6b614edbfcb0cc31e176a0702c7a084d268 (patch)
tree: 3fcea0464831a9dd340f21e92031a41bcd657c40 /libDRCdec
parent: 5ab5496af95674e9ee741cba178d5b981bccbe45 (diff)
download: fdk-aac-3b9dd6b614edbfcb0cc31e176a0702c7a084d268.tar.gz
fdk-aac-3b9dd6b614edbfcb0cc31e176a0702c7a084d268.tar.bz2
fdk-aac-3b9dd6b614edbfcb0cc31e176a0702c7a084d268.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/libDRCdec/src/drcGainDec_process.cpp b/libDRCdec/src/drcGainDec_process.cpp
index 70c9533..1894f47 100644
--- a/libDRCdec/src/drcGainDec_process.cpp
+++ b/libDRCdec/src/drcGainDec_process.cpp
@@ -308,6 +308,8 @@ processDrcTime(HANDLE_DRC_GAIN_DECODER hGainDec, const int activeDrcIndex,
               pLinearNodeBuffer[pActiveDrc->lnbIndexForChannel[c][lnbIx] + b]);
         else
           pLnbPrevious = pDummyLnb;
+        if (pLnbPrevious->nNodes[lnbIx] <= 0 || pLnbPrevious->nNodes[lnbIx] > 16)
+          return DE_NOT_OK;
         nodePrevious =
             pLnbPrevious->linearNode[lnbIx][pLnbPrevious->nNodes[lnbIx] - 1];
         nodePrevious.time -= hGainDec->frameSize;
author	Martin Storsjo <martin@martin.st>	2019-10-02 13:32:57 +0300
committer	Martin Storsjo <martin@martin.st>	2019-10-02 13:32:57 +0300
commit	3b9dd6b614edbfcb0cc31e176a0702c7a084d268 (patch)
tree	3fcea0464831a9dd340f21e92031a41bcd657c40 /libDRCdec
parent	5ab5496af95674e9ee741cba178d5b981bccbe45 (diff)
download	fdk-aac-3b9dd6b614edbfcb0cc31e176a0702c7a084d268.tar.gz fdk-aac-3b9dd6b614edbfcb0cc31e176a0702c7a084d268.tar.bz2 fdk-aac-3b9dd6b614edbfcb0cc31e176a0702c7a084d268.zip