[FFmpeg-cvslog] avcodec/atrac9dec: Check grad_range[1] more tightly
Michael Niedermayer
git at videolan.org
Mon Aug 5 20:50:13 EEST 2019
ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Sun Aug 4 00:45:20 2019 +0200| [99ecd0cfc9261206b89dcb495ca44243adfc9f8e] | committer: Michael Niedermayer
avcodec/atrac9dec: Check grad_range[1] more tightly
Alternatively the array could be made bigger but the extra values
would not be read without other changes.
Fixes: Out of array access
Fixes: 15658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5738260074070016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev at lynne.ee>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 208225bd782207aaf2b380522f96fd4fe4dc3441)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=99ecd0cfc9261206b89dcb495ca44243adfc9f8e
---
libavcodec/atrac9dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 2e23ea44e8..5f0481bacb 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -121,7 +121,7 @@ static inline int parse_gradient(ATRAC9Context *s, ATRAC9BlockData *b,
}
b->grad_boundary = get_bits(gb, 4);
- if (grad_range[0] >= grad_range[1] || grad_range[1] > 47)
+ if (grad_range[0] >= grad_range[1] || grad_range[1] > 31)
return AVERROR_INVALIDDATA;
if (grad_value[0] > 31 || grad_value[1] > 31)
More information about the ffmpeg-cvslog
mailing list