author: Michael Niedermayer <michael@niedermayer.cc> 2019-08-04 00:45:20 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-01-06 11:30:42 +0100
commit: c1e67ca966ce7779054b79907c388e2a4a035cc8 (patch)
tree: f606c46f89ffd71cacc2c9b05665158e35a9b4ab /libavcodec
parent: 73302b0d9700524ac597c1abd8f67e566eef7aa8 (diff)
avcodec/atrac9dec: Check grad_range[1] more tightly
Alternatively the array could be made bigger but the extra values would not be read without other changes.

Fixes: Out of array access
Fixes: 15658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5738260074070016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 208225bd782207aaf2b380522f96fd4fe4dc3441)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r-- libavcodec/atrac9dec.c | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 0794b6d210..87c9c51cd8 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -121,7 +121,7 @@ static inline int parse_gradient(ATRAC9Context *s, ATRAC9BlockData *b,
}
b->grad_boundary = get_bits(gb, 4);
- if (grad_range[0] >= grad_range[1] || grad_range[1] > 47)
+ if (grad_range[0] >= grad_range[1] || grad_range[1] > 31)
return AVERROR_INVALIDDATA;
if (grad_value[0] > 31 || grad_value[1] > 31)
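Review bot: the tightened limit in `grad_range[1] > 31` is a bare literal, and nothing in parse_gradient ties it to the size of the array it is meant to protect. The commit message refers to "the array" without naming it, and the next line compares `grad_value[0]` and `grad_value[1]` against the same 31, so a reader cannot tell from the code that the two limits guard different things or why this one dropped from 47. Consider expressing the bound through a named constant or the element count of the array that grad_range[1] ends up indexing, or at least add a one-line comment naming that array, so the check and the array size cannot drift apart if either is changed later.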