diff mbox series

[FFmpeg-devel] aacdec: set ac->output_elements upon channel element free

Message ID 20240722012237.819610-1-dev@lynne.ee
State New
Headers show
Series [FFmpeg-devel] aacdec: set ac->output_elements upon channel element free | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Lynne July 22, 2024, 1:22 a.m. UTC 
The issue is that ac->output_elements is populated from
ac->che, which may be freed, leaving dangling pointers in this
list.

Should fix clusterfuzz.
---
 libavcodec/aac/aacdec.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Michael Niedermayer July 23, 2024, 3:30 p.m. UTC | #1 
On Mon, Jul 22, 2024 at 03:22:31AM +0200, Lynne via ffmpeg-devel wrote:
> The issue is that ac->output_elements is populated from
> ac->che, which may be freed, leaving dangling pointers in this
> list.
> 
> Should fix clusterfuzz.
> ---
>  libavcodec/aac/aacdec.c | 1 +
>  1 file changed, 1 insertion(+)

thanks!

[...]
diff mbox series

Patch

diff --git a/libavcodec/aac/aacdec.c b/libavcodec/aac/aacdec.c
index ea2ba84a80..c37de2e003 100644
--- a/libavcodec/aac/aacdec.c
+++ b/libavcodec/aac/aacdec.c
@@ -166,6 +166,7 @@  static av_cold int che_configure(AACDecContext *ac,
             ac->proc.sbr_ctx_close(ac->che[type][id]);
         }
         av_freep(&ac->che[type][id]);
+        memset(ac->output_element, 0, sizeof(ac->output_element));
     }
     return 0;
 }