Don't store a value read directly from the bitstream in an enum

In this case, the enum only has one single allowed value, while the
bitstream can contain a number of different values.

Don't load the unchecked value into an enum variable, because
storing the disallowed values in the enum variable is undefined
behaviour. Instead store it in an int, until the value has been
verified to be the allowed one.

This fixes undefined behaviour sanitizer errors.

Fixes: 23192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5205702892322816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

1 files changed, 4 insertions, 3 deletions

diff --git a/libSACdec/src/sac_bitdec.cpp b/libSACdec/src/sac_bitdec.cpp
index a1bdca4..062eb1c 100644
--- a/libSACdec/src/sac_bitdec.cpp
+++ b/libSACdec/src/sac_bitdec.cpp
@@ -448,6 +448,7 @@ SACDEC_ERROR SpatialDecParseSpecificConfig(
   int bsFreqRes, b3DaudioMode = 0;
   int numHeaderBits;
   int cfgStartPos, bitsAvailable;
+  int treeConfig;
 
   FDKmemclear(pSpatialSpecificConfig, sizeof(SPATIAL_SPECIFIC_CONFIG));
 
@@ -488,13 +489,13 @@ SACDEC_ERROR SpatialDecParseSpecificConfig(
   pSpatialSpecificConfig->freqRes =
       (SPATIALDEC_FREQ_RES)freqResTable_LD[bsFreqRes];
 
-  pSpatialSpecificConfig->treeConfig =
-      (SPATIALDEC_TREE_CONFIG)FDKreadBits(bitstream, 4);
+  treeConfig = FDKreadBits(bitstream, 4);
 
-  if (pSpatialSpecificConfig->treeConfig != SPATIALDEC_MODE_RSVD7) {
+  if (treeConfig != SPATIALDEC_MODE_RSVD7) {
     err = MPS_UNSUPPORTED_CONFIG;
     goto bail;
   }
+  pSpatialSpecificConfig->treeConfig = (SPATIALDEC_TREE_CONFIG) treeConfig;
 
   {
     pSpatialSpecificConfig->nOttBoxes =