iSAC float: Handle errors in upper band decoding

We hit a fuzzer bug that caused numDecodedBytesLB + numDecodedBytesUB
> lenEncodedBytes, which is obviously bogus. Check for that, and for
the case where the UB decoder itself realized that something was
wrong. (The code already makes the corresponding check for the LB
decoder.)

BUG=chromium:637899

Review-Url: https://codereview.webrtc.org/2315693002
Cr-Commit-Position: refs/heads/master@{#14091}
kwiberg
2016-09-06 06:16:03 -07:00
committed by Commit bot
parent 92b2e0852f
commit d52bef7d64

@ -1253,6 +1253,17 @@ static int Decode(ISACStruct* ISAC_main_inst,
return -1;
}
if (numDecodedBytesUB < 0) {
instISAC->errorCode = numDecodedBytesUB;
return -1;
}
if (numDecodedBytesLB + numDecodedBytesUB > lenEncodedBytes) {
// We have supposedly decoded more bytes than we were given. Likely
// caused by bad input data.
instISAC->errorCode = ISAC_LENGTH_MISMATCH;
return -1;
}
/* It might be less due to garbage. */
if ((numDecodedBytesUB != lenNextStream) &&
(numDecodedBytesUB != (lenNextStream -
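
Review bot: The `numDecodedBytesLB + numDecodedBytesUB > lenEncodedBytes` check runs only after the UB decoder has already returned, so it reports that more bytes were consumed than were supplied but does not stop the decoder from reading them. Please confirm that the UB decode call is itself bounded by the bytes remaining after the LB part (lenEncodedBytes minus numDecodedBytesLB), and say so in the comment if it is, so this check reads as a consistency check and not as the only guard. Two smaller points: the new comment uses `//` while the neighbouring one uses `/* ... */`, and `instISAC->errorCode = numDecodedBytesUB` stores the decoder's raw negative return value, so it is worth noting which error codes callers can see on this path. A regression test fed with the fuzzer input from the referenced bug would keep both new branches covered.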