From 8439b745f65bce3fd55ffc9f9edcc04f5f447c55 Mon Sep 17 00:00:00 2001 From: Martin Storsjo Date: Fri, 17 Jul 2020 22:51:34 +0300 Subject: Don't use an enum for a value read directly from the bitstream The enum doesn't cover all possible values read from the bitstream. This fixes undefined behaviour sanitizer errors. Fixes: 23719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5111020367642624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg --- libMpegTPDec/src/tpdec_asc.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'libMpegTPDec/src/tpdec_asc.cpp') diff --git a/libMpegTPDec/src/tpdec_asc.cpp b/libMpegTPDec/src/tpdec_asc.cpp index b10602d..8868b22 100644 --- a/libMpegTPDec/src/tpdec_asc.cpp +++ b/libMpegTPDec/src/tpdec_asc.cpp @@ -1546,8 +1546,7 @@ static TRANSPORTDEC_ERROR extElementConfig(CSUsacExtElementConfig *extElement, const AUDIO_OBJECT_TYPE aot) { TRANSPORTDEC_ERROR ErrorStatus = TRANSPORTDEC_OK; - USAC_EXT_ELEMENT_TYPE usacExtElementType = - (USAC_EXT_ELEMENT_TYPE)escapedValue(hBs, 4, 8, 16); + int usacExtElementType = escapedValue(hBs, 4, 8, 16); /* recurve extension elements which are invalid for USAC */ if (aot == AOT_USAC) { @@ -1564,7 +1563,7 @@ static TRANSPORTDEC_ERROR extElementConfig(CSUsacExtElementConfig *extElement, } } - extElement->usacExtElementType = usacExtElementType; + extElement->usacExtElementType = (USAC_EXT_ELEMENT_TYPE) usacExtElementType; int usacExtElementConfigLength = escapedValue(hBs, 4, 8, 16); extElement->usacExtElementConfigLength = (USHORT)usacExtElementConfigLength; INT bsAnchor; -- cgit v1.2.3