eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-13 18:40:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/wmavoice: Do not use uninitialized pitch[0]

Browse Source 
Fixes: use of uninitialized value
Fixes: 70850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-4806127362048000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5338707930)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2024-08-15 00:37:04 +02:00
parent f6c823fab0
commit be4a8ea47d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/wmavoice.c
View File

@@ -1491,6 +1491,8 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx,
/* Parse frame type ("frame header"), see frame_descs */ /* Parse frame type ("frame header"), see frame_descs */
int bd_idx = s->vbm_tree[get_vlc2(gb, frame_type_vlc.table, 6, 3)], block_nsamples; int bd_idx = s->vbm_tree[get_vlc2(gb, frame_type_vlc.table, 6, 3)], block_nsamples;
pitch[0] = INT_MAX;
if (bd_idx < 0) { if (bd_idx < 0) {
av_log(ctx, AV_LOG_ERROR, av_log(ctx, AV_LOG_ERROR,
"Invalid frame type VLC code, skipping\n"); "Invalid frame type VLC code, skipping\n");
@@ -1608,6 +1610,9 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx,
double i_lsps[MAX_LSPS]; double i_lsps[MAX_LSPS];
float lpcs[MAX_LSPS]; float lpcs[MAX_LSPS];
if(frame_descs[bd_idx].fcb_type >= FCB_TYPE_AW_PULSES && pitch[0] == INT_MAX)
return AVERROR_INVALIDDATA;
for (n = 0; n < s->lsps; n++) // LSF -> LSP for (n = 0; n < s->lsps; n++) // LSF -> LSP
i_lsps[n] = cos(0.5 * (prev_lsps[n] + lsps[n])); i_lsps[n] = cos(0.5 * (prev_lsps[n] + lsps[n]));
ff_acelp_lspd2lpc(i_lsps, lpcs, s->lsps >> 1); ff_acelp_lspd2lpc(i_lsps, lpcs, s->lsps >> 1);