From 4c4da0e39a1f8e7b265110996bceccd145f5bb9c Mon Sep 17 00:00:00 2001
From: Martin Storsjo
Date: Wed, 7 Jun 2017 15:54:02 +0300
Subject: Avoid infinite loops in block decoding

Fixes: 1921/clusterfuzz-testcase-minimized-5480510065213440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
---
 libAACdec/src/block.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'libAACdec')

diff --git a/libAACdec/src/block.cpp b/libAACdec/src/block.cpp
index a19284e..bda565c 100644
--- a/libAACdec/src/block.cpp
+++ b/libAACdec/src/block.cpp
@@ -318,6 +318,9 @@ AAC_DECODER_ERROR CBlock_ReadSectionData(HANDLE_FDK_BITSTREAM bs,
 }
 sect_len += sect_len_incr;
+ if (sect_len <= 0) {
+ return AAC_DEC_PARSE_ERROR;
+ }
 top = band + sect_len;
--
cgit v1.2.3
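Review bot: The new guard after `sect_len += sect_len_incr;` catches the zero-length section that keeps `band` from advancing, but its `< 0` half only fires if the earlier accumulation into `sect_len` (above the hunk, not visible here) has already wrapped a signed integer, which is undefined behaviour before the check runs. A more robust defence bounds the sum before it can wrap, i.e. rejects `sect_len` as soon as it exceeds the remaining band count during accumulation, and keeps an explicit upper-bound check on `top` against the number of scale-factor bands; if such a check already follows `top = band + sect_len;` outside the hunk, the zero check here is sufficient for the loop-termination bug. The intent of the guard deserves a one-line comment, e.g. `/* A zero-length section leaves band unchanged and the section loop would never terminate. */`. CBlock_ReadSectionData starts and ends outside the hunk.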