[FFmpeg-devel] [PATCH] aacdec: set ac->output_elements upon channel element free
Lynne
dev at lynne.ee
Mon Jul 22 04:22:31 EEST 2024
The issue is that ac->output_elements is populated from
ac->che, which may be freed, leaving dangling pointers in this
list.
Should fix clusterfuzz.
---
libavcodec/aac/aacdec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/aac/aacdec.c b/libavcodec/aac/aacdec.c
index ea2ba84a80..c37de2e003 100644
--- a/libavcodec/aac/aacdec.c
+++ b/libavcodec/aac/aacdec.c
@@ -166,6 +166,7 @@ static av_cold int che_configure(AACDecContext *ac,
ac->proc.sbr_ctx_close(ac->che[type][id]);
}
av_freep(&ac->che[type][id]);
+ memset(ac->output_element, 0, sizeof(ac->output_element));
}
return 0;
}
--
2.45.2.753.g447d99e1c3b
More information about the ffmpeg-devel
mailing list