[FFmpeg-devel] [PATCH 1/5] avcodec/atrac9dec: Clamp band_ext_data to max that can be read if skipped.

Lynne dev at lynne.ee
Thu Dec 26 15:57:46 EET 2019


Dec 16, 2019, 23:19 by michael at niedermayer.cc:

> Fixes: out of array read
> Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

Just zero the entire ATRAC9ChannelData->band_ext_data and return if !get_bits(gb, 5). That way mode 0 won't change the signal and modes 1, 2, 3 and 4 will have minimal effect. The 5 bits that are read are meant to correspond to the length (already known) of the band extension data to be read. I'm not sure what Sony were thinking if it's 0.
And ping me on IRC next time.

