From 2e64f76d2e246cd01cf87c12c06b300571ea3d3b Mon Sep 17 00:00:00 2001
From: Martin Storsjo
Date: Mon, 30 Nov 2020 12:55:07 +0200
Subject: Don't use an enum for a value read directly from the bitstream

The enum doesn't cover all possible values read from the bitstream. This fixes undefined behaviour sanitizer errors.
Fixes: 27624/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-6049277318791168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
---
 libDRCdec/src/drcDec_reader.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libDRCdec/src/drcDec_reader.cpp b/libDRCdec/src/drcDec_reader.cpp
index 367a352..ca35345 100644
--- a/libDRCdec/src/drcDec_reader.cpp
+++ b/libDRCdec/src/drcDec_reader.cpp
@@ -914,7 +914,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) {
 firFilterOrder;
 int uniqueEqSubbandGainsCount, eqSubbandGainRepresentation, eqSubbandGainCount;
- EQ_SUBBAND_GAIN_FORMAT eqSubbandGainFormat;
+ int eqSubbandGainFormat;
 eqDelayMaxPresent = FDKreadBits(hBs, 1);
 if (eqDelayMaxPresent) {
@@ -955,7 +955,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) {
 uniqueEqSubbandGainsCount = FDKreadBits(hBs, 6);
 if (uniqueEqSubbandGainsCount > 0) {
 eqSubbandGainRepresentation = FDKreadBits(hBs, 1);
- eqSubbandGainFormat = (EQ_SUBBAND_GAIN_FORMAT)FDKreadBits(hBs, 4);
+ eqSubbandGainFormat = FDKreadBits(hBs, 4);
 switch (eqSubbandGainFormat) {
 case GF_QMF32:
 eqSubbandGainCount = 32;
-- cgit v1.2.3
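Review bot: The new `int eqSubbandGainFormat;` declaration in `_skipEqCoefficients` has no comment recording why the enum type was dropped, so a later type cleanup could restore `EQ_SUBBAND_GAIN_FORMAT` and bring back the out-of-range enum load the sanitizer reported. I would add `/* raw 4-bit bitstream field; may hold values with no EQ_SUBBAND_GAIN_FORMAT enumerator, so keep it an int */` directly above the declaration. The function body starts and ends outside this hunk.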
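Review bot: With the cast removed, every value 0–15 returned by `FDKreadBits(hBs, 4)` now reaches `switch (eqSubbandGainFormat)`, and the hunk stops at the first case, so it is not visible whether the switch has a `default:` that assigns `eqSubbandGainCount`. If it does not, format values without an enumerator would leave the count unset, and any later use of it (outside the hunk) would work from an indeterminate value taken from attacker-controlled input. Worth confirming, and if the branch is missing, adding a `default:` that sets a defined count or aborts the skip. Keeping the clusterfuzz testcase named in the commit message as a regression input would pin this.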