Codebase list faad2 / 3b80a57
specrec: better handle unexpected PS Parametric Stereo (PS) can arrive at any moment in input files. PS changes the number of output channels and therefore requires more allocated memory in various structures from hDecoder. The current faad2 code attempts to perform allocation surgery in hDecoder to recover from this. This works well when there is only one frame channel, else it creates large number of memory corruption issues. If there is more than one input channel, return cleanly with error code. It would be nice to handle this, but this is likely to be a lot of work and is beyond the scope of a security fix. This commit addresses CVE-2018-20360 and CVE-2018-20199 (fixes #32, fixes #24). Hugo Lefeuvre authored 4 years ago Hugo Lefeuvre committed 4 years ago
1 changed file(s) with 9 addition(s) and 9 deletion(s). Raw diff Collapse all Expand all
914914 /* element_output_channels not set yet */
915915 hDecoder->element_output_channels[hDecoder->fr_ch_ele] = output_channels;
916916 } else if (hDecoder->element_output_channels[hDecoder->fr_ch_ele] != output_channels) {
917 /* element inconsistency */
918
919 /* this only happens if PS is actually found but not in the first frame
917 /* element inconsistency
918 * this only happens if PS is actually found but not in the first frame
920919 * this means that there is only 1 bitstream element!
921920 */
922921
923 /* reset the allocation */
924 hDecoder->element_alloced[hDecoder->fr_ch_ele] = 0;
925
926 hDecoder->element_output_channels[hDecoder->fr_ch_ele] = output_channels;
927
928 //return 21;
922 if (hDecoder->fr_channels == 1) {
923 /* reset the allocation */
924 hDecoder->element_alloced[hDecoder->fr_ch_ele] = 0;
925 hDecoder->element_output_channels[hDecoder->fr_ch_ele] = output_channels;
926 } else {
927 return 21;
928 }
929929 }
930930
931931 if (hDecoder->element_alloced[hDecoder->fr_ch_ele] == 0)