[FFmpeg-cvslog] avcodec/aacsbr_template: Do not leave bs_num_env invalid

Sat May 6 01:34:22 EEST 2017

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri May  5 23:00:59 2017 +0200| [a8ad83b793e883b8c6d114f81073a4e40c0308a3] | committer: Michael Niedermayer

avcodec/aacsbr_template: Do not leave bs_num_env invalid

Fixes out of array read
Fixes: 1349/clusterfuzz-testcase-minimized-5370707196248064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8ad83b793e883b8c6d114f81073a4e40c0308a3
---

 libavcodec/aacsbr_template.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/aacsbr_template.c b/libavcodec/aacsbr_template.c
index 750131c64c..aaa48ef802 100644
--- a/libavcodec/aacsbr_template.c
+++ b/libavcodec/aacsbr_template.c
@@ -640,6 +640,7 @@ static int read_sbr_grid(AACContext *ac, SpectralBandReplication *sbr,
             av_log(ac->avctx, AV_LOG_ERROR,
                    "Invalid bitstream, too many SBR envelopes in FIXFIX type SBR frame: %d\n",
                    ch_data->bs_num_env);
+            ch_data->bs_num_env = 2;
             return -1;
         }
 
@@ -695,6 +696,7 @@ static int read_sbr_grid(AACContext *ac, SpectralBandReplication *sbr,
             av_log(ac->avctx, AV_LOG_ERROR,
                    "Invalid bitstream, too many SBR envelopes in VARVAR type SBR frame: %d\n",
                    ch_data->bs_num_env);
+            ch_data->bs_num_env = 2;
             return -1;
         }
 

