diff options
author | Martin Storsjo <martin@martin.st> | 2017-08-03 12:51:43 +0300 |
---|---|---|
committer | Martin Storsjo <martin@martin.st> | 2017-08-03 14:22:04 +0300 |
commit | ecb2ad9a7b72b9fe96720c59289e5ccd9bf0f433 (patch) | |
tree | 65016fba368905f478961c57e8922821e710b8c8 /libSBRdec/src | |
parent | af5863a78efdfccd003dd6bea68c4a2cd2ad9f37 (diff) | |
download | fdk-aac-ecb2ad9a7b72b9fe96720c59289e5ccd9bf0f433.tar.gz fdk-aac-ecb2ad9a7b72b9fe96720c59289e5ccd9bf0f433.tar.bz2 fdk-aac-ecb2ad9a7b72b9fe96720c59289e5ccd9bf0f433.zip |
Check that all channel mapping entries used are valid
If channel numbers are changed on the fly (in invalid bitstreams),
we can end up with a channel mapping with fewer channels mapped
than we actually try to output.
Ideally, this condition should probably be checked somewhere
closer to where it enters such a state, not when using the
channel mapping though.
Fixes: 2808/clusterfuzz-testcase-minimized-4694952892170240
Fixes: 2275/clusterfuzz-testcase-minimized-6205444085252096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Diffstat (limited to 'libSBRdec/src')
-rw-r--r-- | libSBRdec/src/sbrdecoder.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libSBRdec/src/sbrdecoder.cpp b/libSBRdec/src/sbrdecoder.cpp index f9ded54..766d7e9 100644 --- a/libSBRdec/src/sbrdecoder.cpp +++ b/libSBRdec/src/sbrdecoder.cpp @@ -1444,6 +1444,9 @@ sbrDecoder_DecodeElement ( self->flags |= (applyPs) ? SBRDEC_PS_DECODED : 0; } + if (channelMapping[0] == 255 || channelMapping[1] == 255) + return SBRDEC_UNSUPPORTED_CONFIG; + /* Set strides for reading and writing */ if (interleaved) { strideIn = numInChannels; |