authorMartin Storsjo <martin@martin.st>2017-06-07 15:54:02 +0300
committerMartin Storsjo <martin@martin.st>2017-06-12 23:44:43 +0300
commit4c4da0e39a1f8e7b265110996bceccd145f5bb9c (patch)
treecc78bb739e445b4c2b740413a55fe14195dc6cf8
parent50922e3dbd5d099a67d879c4ec1d7535ebfa30a8 (diff)
Avoid infinite loops in block decoding
Fixes: 1921/clusterfuzz-testcase-minimized-5480510065213440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-rw-r--r--libAACdec/src/block.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/libAACdec/src/block.cpp b/libAACdec/src/block.cpp
index a19284e..bda565c 100644
--- a/libAACdec/src/block.cpp
+++ b/libAACdec/src/block.cpp
@@ -318,6 +318,9 @@ AAC_DECODER_ERROR CBlock_ReadSectionData(HANDLE_FDK_BITSTREAM bs,
}
sect_len += sect_len_incr;
+ if (sect_len <= 0) {
+ return AAC_DEC_PARSE_ERROR;
+ }
top = band + sect_len;
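Review bot: The new `if (sect_len <= 0)` guard in CBlock_ReadSectionData has no comment saying why a zero or negative section length must abort parsing, and the reason cannot be read off the hunk. Going by the commit title, the enclosing loop presumably advances `band` through `top = band + sect_len`, so a zero length read from the bitstream would never make progress; a comment above the check such as `/* A section must span at least one band, otherwise the band loop never advances (fuzzer-found hang). */` would record that for the next maintainer. The guard bounds the length only from below: whether `top` is validated against the number of scale-factor bands before it is used as an index is not visible here and is worth confirming. The function body starts and ends outside the hunk.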