atrac9dec: Check grad_range[1] more tightly

Lynne Sat, 03 Aug 2019 17:19:00 -0700

Aug 4, 2019, 12:16 AM by [email protected]:

> Alternatively the array could be made bigger but the extra values
> would not be read without other changes.
>
> Fixes: Out of array access
> Fixes: 
> 15658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5738260074070016
>
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <[email protected]>
> ---
>  libavcodec/atrac9dec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
> index 491e889788..e503e36dbf 100644
> --- a/libavcodec/atrac9dec.c
> +++ b/libavcodec/atrac9dec.c
> @@ -121,7 +121,7 @@ static inline int parse_gradient(ATRAC9Context *s, 
> ATRAC9BlockData *b,
>  }
>  b->grad_boundary = get_bits(gb, 4);
>  
> -    if (grad_range[0] >= grad_range[1] || grad_range[1] > 47)
> +    if (grad_range[0] >= grad_range[1] || grad_range[1] > 31)
>  return AVERROR_INVALIDDATA; 
>


Looked into it, lgtm.
_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/3] avcodec/atrac9dec: Check grad_range[1] more tightly

Reply via email to