mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2026-01-20 04:51:14 +01:00
be82aef7cc
fix a simple index bug in ff_aac_usac_reset_state() that writes past the end of ChannelElement.ch[2] for CPE ff_aac_usac_reset_state() loops over channels with j < ch, but incorrectly takes &che->ch[ch]. For CPE (ch == 2) this becomes che->ch[2], which is one past the end of ChannelElement.ch[2], and the subsequent memset() causes an intra-object out-of-bounds write. index the channel element with the loop variable (j).