har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/cook: Use 3 stage VLC decoding for channel_coupling

Browse Source 
Fixes: shift exponent -1 is negative
Fixes: out of array read
Fixes: 19028/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5759766471376896
Fixes: 19037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5734106625474560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-11-25 21:39:48 +01:00
parent 4cfc563c57
commit 89fd76db71
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/cook.c
View File

@ -759,7 +759,7 @@ static int decouple_info(COOKContext *q, COOKSubpacket *p, int *decouple_tab)
for (i = 0; i < length; i++) for (i = 0; i < length; i++)
decouple_tab[start + i] = get_vlc2(&q->gb, decouple_tab[start + i] = get_vlc2(&q->gb,
p->channel_coupling.table, p->channel_coupling.table,
p->channel_coupling.bits, 2); p->channel_coupling.bits, 3);
else else
for (i = 0; i < length; i++) { for (i = 0; i < length; i++) {
int v = get_bits(&q->gb, p->js_vlc_bits); int v = get_bits(&q->gb, p->js_vlc_bits);