Reapply: Avoid reading out of bounds due to negative aaIccIndexMapped

Fixes: 10325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5740113355603968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

1 files changed, 6 insertions, 3 deletions

diff --git a/libSBRdec/src/psdec.cpp b/libSBRdec/src/psdec.cpp
index 13a21bf..1f8bd25 100644
--- a/libSBRdec/src/psdec.cpp
+++ b/libSBRdec/src/psdec.cpp
@@ -329,7 +329,7 @@ void initSlotBasedRotation(
 
   FIXP_SGL invL;
   FIXP_DBL ScaleL, ScaleR;
-  FIXP_DBL Alpha, Beta;
+  FIXP_DBL Alpha, Beta, AlphasValue;
   FIXP_DBL h11r, h12r, h21r, h22r;
 
   const FIXP_DBL *PScaleFactors;
@@ -363,12 +363,15 @@ void initSlotBasedRotation(
     ScaleL = PScaleFactors[noIidSteps - h_ps_d->specificTo.mpeg.pCoef
                                             ->aaIidIndexMapped[env][bin]];
 
+    AlphasValue = 0;
+    if (h_ps_d->specificTo.mpeg.pCoef->aaIccIndexMapped[env][bin] >= 0)
+      AlphasValue = Alphas[h_ps_d->specificTo.mpeg.pCoef->aaIccIndexMapped[env][bin]];
     Beta = fMult(
-        fMult(Alphas[h_ps_d->specificTo.mpeg.pCoef->aaIccIndexMapped[env][bin]],
+        fMult(AlphasValue,
               (ScaleR - ScaleL)),
         FIXP_SQRT05);
     Alpha =
-        Alphas[h_ps_d->specificTo.mpeg.pCoef->aaIccIndexMapped[env][bin]] >> 1;
+        AlphasValue >> 1;
 
     /* Alpha and Beta are now both scaled by 2 shifts right */