From 5ab5496af95674e9ee741cba178d5b981bccbe45 Mon Sep 17 00:00:00 2001
From: Martin Storsjo
Date: Fri, 6 Sep 2019 22:42:07 +0300
Subject: Avoid index-out-of-bounds in prepareDrcGain
Fixes: 16962/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5708503842291712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
---
 libDRCdec/src/drcGainDec_preprocess.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/libDRCdec/src/drcGainDec_preprocess.cpp b/libDRCdec/src/drcGainDec_preprocess.cpp
index 8bd41d9..514e977 100644
--- a/libDRCdec/src/drcGainDec_preprocess.cpp
+++ b/libDRCdec/src/drcGainDec_preprocess.cpp
@@ -676,6 +676,7 @@ prepareDrcGain(HANDLE_DRC_GAIN_DECODER hGainDec,
 nDrcBands = pActiveDrc->bandCountForChannelGroup[g];
 for (b = 0; b < nDrcBands; b++) {
 DRC_ERROR err = DE_OK;
+ if (gainSetIndex >= 12) return DE_PARAM_OUT_OF_RANGE;
 GAIN_SET* pGainSet = &(pCoef->gainSet[gainSetIndex]);
 int seq = pGainSet->gainSequenceIndex[b];
 DRC_CHARACTERISTIC* pDChar = &(pGainSet->drcCharacteristic[b]);
-- 
cgit v1.2.3
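Review bot: The added guard `if (gainSetIndex >= 12) return DE_PARAM_OUT_OF_RANGE;` hard-codes the bound instead of deriving it from the declaration of `pCoef->gainSet`, so the check goes stale without warning if that array's size ever changes. It also tests only the upper bound. Assuming `gainSet` is a fixed-size array member and `gainSetIndex` is a signed value taken from the bitstream (neither declaration is visible in this hunk), a tighter form would be `if (gainSetIndex < 0 || gainSetIndex >= (int)(sizeof(pCoef->gainSet) / sizeof(pCoef->gainSet[0]))) return DE_PARAM_OUT_OF_RANGE;`. Nothing in the visible lines changes `gainSetIndex` per band, so the check could probably sit before the `for (b = ...)` loop, with a short comment such as `/* index comes from the decoded DRC configuration; reject before indexing gainSet[] */`. The body of prepareDrcGain starts and ends outside the hunk, so whether other uses of this index need the same validation cannot be confirmed from here.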