diff mbox series

[FFmpeg-devel] avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()

Message ID 20210705202454.31652-1-michael@niedermayer.cc
State Accepted
Commit eaec4df63f98b6d2d60d2cf441de250c5f69359e
Headers show
Series [FFmpeg-devel] avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb() | expand

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Michael Niedermayer July 5, 2021, 8:24 p.m. UTC 
Fixes: NULL pointer dereference
Fixes: decode_spectrum_and_dequant.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/aacdec_template.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Michael Niedermayer July 9, 2021, 12:59 p.m. UTC | #1 
On Mon, Jul 05, 2021 at 10:24:54PM +0200, Michael Niedermayer wrote:
> Fixes: NULL pointer dereference
> Fixes: decode_spectrum_and_dequant.mp4
> 
> Found-by: Rafael Dutra <rafael.dutra@cispa.de>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/aacdec_template.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)

will apply

[...]
diff mbox series

Patch

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index d78e60ec2e..85a2d1c7b6 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1076,14 +1076,18 @@  static int decode_audio_specific_config_gb(AACContext *ac,
 {
     int i, ret;
     GetBitContext gbc = *gb;
+    MPEG4AudioConfig m4ac_bak = *m4ac;
 
-    if ((i = ff_mpeg4audio_get_config_gb(m4ac, &gbc, sync_extension, avctx)) < 0)
+    if ((i = ff_mpeg4audio_get_config_gb(m4ac, &gbc, sync_extension, avctx)) < 0) {
+        *m4ac = m4ac_bak;
         return AVERROR_INVALIDDATA;
+    }
 
     if (m4ac->sampling_index > 12) {
         av_log(avctx, AV_LOG_ERROR,
                "invalid sampling rate index %d\n",
                m4ac->sampling_index);
+        *m4ac = m4ac_bak;
         return AVERROR_INVALIDDATA;
     }
     if (m4ac->object_type == AOT_ER_AAC_LD &&
@@ -1091,6 +1095,7 @@  static int decode_audio_specific_config_gb(AACContext *ac,
         av_log(avctx, AV_LOG_ERROR,
                "invalid low delay sampling rate index %d\n",
                m4ac->sampling_index);
+        *m4ac = m4ac_bak;
         return AVERROR_INVALIDDATA;
     }