[FFmpeg-cvslog] aacdec: set ac->output_elements upon channel element free
Lynne
git at videolan.org
Wed Jul 24 01:33:18 EEST 2024
ffmpeg | branch: master | Lynne <dev at lynne.ee> | Mon Jul 22 03:20:32 2024 +0200| [b1b69ccbc0b2043e60b95735acced292413c44a5] | committer: Lynne
aacdec: set ac->output_elements upon channel element free
The issue is that ac->output_elements is populated from
ac->che, which may be freed, leaving dangling pointers in this
list.
Should fix clusterfuzz.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1b69ccbc0b2043e60b95735acced292413c44a5
---
libavcodec/aac/aacdec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/aac/aacdec.c b/libavcodec/aac/aacdec.c
index ea2ba84a80..c37de2e003 100644
--- a/libavcodec/aac/aacdec.c
+++ b/libavcodec/aac/aacdec.c
@@ -166,6 +166,7 @@ static av_cold int che_configure(AACDecContext *ac,
ac->proc.sbr_ctx_close(ac->che[type][id]);
}
av_freep(&ac->che[type][id]);
+ memset(ac->output_element, 0, sizeof(ac->output_element));
}
return 0;
}
More information about the ffmpeg-cvslog
mailing list