On Sat, Jul 28, 2018 at 2:33 PM Michael Niedermayer <mich...@niedermayer.cc> wrote: > > Fixes: Timeout > Fixes: > 9552/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6027842339995648 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/aacdec_template.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c > index 0c899285dd..b60b31a92c 100644 > --- a/libavcodec/aacdec_template.c > +++ b/libavcodec/aacdec_template.c > @@ -3122,6 +3122,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, > void *data, > int samples = 0, multiplier, audio_found = 0, pce_found = 0; > int is_dmono, sce_count = 0; > int payload_alignment; > + uint8_t che_presence[4][MAX_ELEM_ID] = {{0}}; > > ac->frame = data; > > @@ -3159,6 +3160,14 @@ static int aac_decode_frame_int(AVCodecContext *avctx, > void *data, > } > > if (elem_type < TYPE_DSE) { > + if (che_presence[elem_type][elem_id]) { > + av_log(ac->avctx, AV_LOG_ERROR, "channel element %d.%d > duplicate\n", > + elem_type, elem_id); > + err = AVERROR_INVALIDDATA; > + goto fail; > + } > + che_presence[elem_type][elem_id] = 1; > + > if (!(che=get_che(ac, elem_type, elem_id))) { > av_log(ac->avctx, AV_LOG_ERROR, "channel element %d.%d is > not allocated\n", > elem_type, elem_id);
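Review bot: In the first hunk, `che_presence[4][MAX_ELEM_ID]` hard-codes the row count, while the only guard on the first index (in the second hunk) is `elem_type < TYPE_DSE`; the array is in bounds only because TYPE_DSE happens to equal 4. Declaring it as `uint8_t che_presence[TYPE_DSE][MAX_ELEM_ID] = {{0}};` ties the size to the check that protects it, so a later change to the element type enumeration cannot silently turn the write into an out-of-bounds access.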
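Review bot: In the second hunk, any repeated `elem_type`/`elem_id` pair within one raw data block aborts the whole frame with `err = AVERROR_INVALIDDATA; goto fail;`. The commit message says this fixes a timeout, not a memory-safety problem, so an unconditional hard failure is stricter than the bug requires and will reject any real stream that repeats an element id; skipping the duplicate element (or logging at warning level and continuing) would close the timeout with less risk of regressions on existing files. The `che_presence` table is a per-call stack array, so the duplicate check correctly resets on every frame; a short comment above the declaration noting that it tracks elements within a single raw data block would make that intent explicit.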
I've been given an AAC stream that breaks decoding after this patch. I've opened a ticket with a sample file on Trac: https://trac.ffmpeg.org/ticket/7477

- Hendrik

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel