[FFmpeg-cvslog] avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()
Michael Niedermayer
git at videolan.org
Fri Jul 9 16:19:52 EEST 2021
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Mon Jul 5 22:09:26 2021 +0200| [eaec4df63f98b6d2d60d2cf441de250c5f69359e] | committer: Michael Niedermayer
avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()
Fixes: NULL pointer dereference
Fixes: decode_spectrum_and_dequant.mp4
Found-by: Rafael Dutra <rafael.dutra at cispa.de>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eaec4df63f98b6d2d60d2cf441de250c5f69359e
---
libavcodec/aacdec_template.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index d78e60ec2e..85a2d1c7b6 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -1076,14 +1076,18 @@ static int decode_audio_specific_config_gb(AACContext *ac,
{
int i, ret;
GetBitContext gbc = *gb;
+ MPEG4AudioConfig m4ac_bak = *m4ac;
- if ((i = ff_mpeg4audio_get_config_gb(m4ac, &gbc, sync_extension, avctx)) < 0)
+ if ((i = ff_mpeg4audio_get_config_gb(m4ac, &gbc, sync_extension, avctx)) < 0) {
+ *m4ac = m4ac_bak;
return AVERROR_INVALIDDATA;
+ }
if (m4ac->sampling_index > 12) {
av_log(avctx, AV_LOG_ERROR,
"invalid sampling rate index %d\n",
m4ac->sampling_index);
+ *m4ac = m4ac_bak;
return AVERROR_INVALIDDATA;
}
if (m4ac->object_type == AOT_ER_AAC_LD &&
@@ -1091,6 +1095,7 @@ static int decode_audio_specific_config_gb(AACContext *ac,
av_log(avctx, AV_LOG_ERROR,
"invalid low delay sampling rate index %d\n",
m4ac->sampling_index);
+ *m4ac = m4ac_bak;
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list