Skip to content

Commit

Permalink
Don't use an enum for a value read directly from the bitstream
Browse files Browse the repository at this point in the history
The enum only defined values 1-7, while the variable can be set
to any value between 0 and 15 that is read from the bitstream
by FDKreadBits(hBs, 4).

This fixes undefined behaviour sanitizer errors.

Fixes: 19500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-5730449188192256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  • Loading branch information
mstorsjo committed Jan 9, 2020
1 parent e90ed2c commit b317f70
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libDRCdec/src/drcDec_reader.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -911,7 +911,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) {
firFilterOrder;
int uniqueEqSubbandGainsCount, eqSubbandGainRepresentation,
eqSubbandGainCount;
EQ_SUBBAND_GAIN_FORMAT eqSubbandGainFormat;
int eqSubbandGainFormat;

eqDelayMaxPresent = FDKreadBits(hBs, 1);
if (eqDelayMaxPresent) {
Expand Down Expand Up @@ -952,7 +952,7 @@ static void _skipEqCoefficients(HANDLE_FDK_BITSTREAM hBs) {
uniqueEqSubbandGainsCount = FDKreadBits(hBs, 6);
if (uniqueEqSubbandGainsCount > 0) {
eqSubbandGainRepresentation = FDKreadBits(hBs, 1);
eqSubbandGainFormat = (EQ_SUBBAND_GAIN_FORMAT)FDKreadBits(hBs, 4);
eqSubbandGainFormat = FDKreadBits(hBs, 4);
switch (eqSubbandGainFormat) {
case GF_QMF32:
eqSubbandGainCount = 32;
Expand Down

0 comments on commit b317f70

Please sign in to comment.