avcodec/aac/aacdec_usac: Clean ics2->max_sfb when first SCE fails

Fixes: out of array access Fixes: 70734/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4741427068731392 Fixes: 383194070/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5302387708854272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Lynne <dev@lynne.ee> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2024-07-31 20:59:49 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2024-12-11 21:55:40 +0100
commit: 682d710bcb8d21d8cda0182bb1725663dbbac7cd (patch)
tree: 21bea60fe38962087ee4b0be3653db2499b3f9ca /libavcodec/aac/aacdec_usac.c
parent: 1e76bd2f394a01c19073160c380adbcaa779f474 (diff)
download: ffmpeg-682d710bcb8d21d8cda0182bb1725663dbbac7cd.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c
index 1b79d19a30..5efa248238 100644
--- a/libavcodec/aac/aacdec_usac.c
+++ b/libavcodec/aac/aacdec_usac.c
@@ -917,8 +917,10 @@ static int decode_usac_stereo_info(AACDecContext *ac, AACUSACConfig *usac,
         }
 
         ret = setup_sce(ac, sce1, usac);
-        if (ret < 0)
+        if (ret < 0) {
+            ics2->max_sfb = 0;
             return ret;
+        }
 
         ret = setup_sce(ac, sce2, usac);
         if (ret < 0)
author	Michael Niedermayer <michael@niedermayer.cc>	2024-07-31 20:59:49 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2024-12-11 21:55:40 +0100
commit	682d710bcb8d21d8cda0182bb1725663dbbac7cd (patch)
tree	21bea60fe38962087ee4b0be3653db2499b3f9ca /libavcodec/aac/aacdec_usac.c
parent	1e76bd2f394a01c19073160c380adbcaa779f474 (diff)
download	ffmpeg-682d710bcb8d21d8cda0182bb1725663dbbac7cd.tar.gz