Don't use enums for values read directly from the bitstream
The enums don't cover all possible values read from the bitstream.

This fixes undefined behaviour sanitizer errors.

Fixes: 31011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBFDK_AAC_fuzzer-4981228811976704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
mstorsjo committed Apr 28, 2021
1 parent d0017ad commit c3cef6d
Showing 1 changed file with 5 additions and 5 deletions.
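--- a/libFDK/src/nlc_dec.cpp
+++ b/libFDK/src/nlc_dec.cpp
@@ -568,7 +568,7 @@ static ERROR_t huff_dec_2D(HANDLE_FDK_BITSTREAM strm, const DATA_TYPE data_type,
 static ERROR_t huff_decode(HANDLE_FDK_BITSTREAM strm, SCHAR* out_data_1,
 SCHAR* out_data_2, DATA_TYPE data_type,
 DIFF_TYPE diff_type_1, DIFF_TYPE diff_type_2,
-int num_val, CODING_SCHEME* cdg_scheme, int ldMode) {
+int num_val, int* cdg_scheme, int ldMode) {
 ERROR_t err = HUFFDEC_OK;
 DIFF_TYPE diff_type;
 
@@ -597,14 +597,14 @@ static ERROR_t huff_decode(HANDLE_FDK_BITSTREAM strm, SCHAR* out_data_1,
 
 /* Coding scheme */
 data = FDKreadBits(strm, 1);
-*cdg_scheme = (CODING_SCHEME)(data << PAIR_SHIFT);
+*cdg_scheme = (data << PAIR_SHIFT);
 
 if (*cdg_scheme >> PAIR_SHIFT == HUFF_2D) {
 if ((out_data_1 != NULL) && (out_data_2 != NULL) && (ldMode == 0)) {
 data = FDKreadBits(strm, 1);
-*cdg_scheme = (CODING_SCHEME)(*cdg_scheme | data);
+*cdg_scheme = (*cdg_scheme | data);
 } else {
-*cdg_scheme = (CODING_SCHEME)(*cdg_scheme | FREQ_PAIR);
+*cdg_scheme = (*cdg_scheme | FREQ_PAIR);
 }
 }
 
@@ -843,7 +843,7 @@ ERROR_t EcDataPairDec(DECODER_TYPE DECODER, HANDLE_FDK_BITSTREAM strm,
 SCHAR* pDataVec[2] = {NULL, NULL};
 
 DIFF_TYPE diff_type[2] = {DIFF_FREQ, DIFF_FREQ};
-CODING_SCHEME cdg_scheme = HUFF_1D;
+int cdg_scheme = HUFF_1D;
 DIRECTION direction = BACKWARDS;
 
 switch (data_type) {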
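Review bot: The packed layout of `*cdg_scheme` in huff_decode is still undocumented now that it is a plain `int`. It holds the coding scheme shifted up by `PAIR_SHIFT`, OR-ed with a pair selector (the bit read from the stream, or `FREQ_PAIR`), yet neither the `int* cdg_scheme` parameter nor `int cdg_scheme = HUFF_1D;` in EcDataPairDec says so. A later type cleanup could therefore restore `CODING_SCHEME` and reintroduce the out-of-range enum store that the commit message says the sanitizer reported. I would add a comment above the first assignment, for example `/* packed: (scheme << PAIR_SHIFT) | pair selector; kept as int because the combined value is not a CODING_SCHEME enumerator */`. The value is built from two 1-bit reads, so its range is bounded at this point. The code that consumes `cdg_scheme` lies outside the visible hunks, so it is worth confirming that every use unpacks it with `>> PAIR_SHIFT` as the comparison against `HUFF_2D` does here.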
