From af5863a78efdfccd003dd6bea68c4a2cd2ad9f37 Mon Sep 17 00:00:00 2001 From: Martin Storsjo Date: Wed, 7 Jun 2017 15:29:59 +0300 Subject: Re-fix "Stack-buffer-overflow in FDKmemset" This probably doesn't fix the root cause, but at least fixes the issues found in this particular fuzzed sample. Compared to the previous fix in 39e13c1acbca94f562f9776e1555ced50dd0dfcd, this doesn't break HE-AACv2 encoding, by allowing the case with usb==no_channels. Fixes: 1973/clusterfuzz-testcase-minimized-6319232084082688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg --- libFDK/src/qmf.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libFDK/src/qmf.cpp b/libFDK/src/qmf.cpp index 54526dd..595fe94 100644 --- a/libFDK/src/qmf.cpp +++ b/libFDK/src/qmf.cpp @@ -791,6 +791,10 @@ qmfInverseModulationHQ( HANDLE_QMF_FILTER_BANK synQmf, /*!< Handle of Qmf Synth scaleValues(&tImag[0+synQmf->lsb], &qmfImag[0+synQmf->lsb], synQmf->usb-synQmf->lsb, scaleFactorHighBand); } + if (synQmf->usb > synQmf->no_channels) { + return; + } + FDKmemclear(&tReal[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF)); FDKmemclear(&tImag[synQmf->usb], (synQmf->no_channels-synQmf->usb)*sizeof(FIXP_QMF)); -- cgit v1.2.3