avcodec/aacdec: Check if we run out of input in read_stream_mux_config()

Fixes: Infinite loop Fixes: 16920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5653421289373696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3dce4d03) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/aacdec: Check if we run out of input in read_stream_mux_config()
Fixes: Infinite loop Fixes: 16920/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5653421289373696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3dce4d03) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
880579a7 · Michael Niedermayer · e15fd9bc · 880579a7
Commit 880579a7 authored Sep 08, 2019 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

aacdec.c libavcodec/aacdec.c +2 -0

No files found.
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -403,6 +403,8 @@ static int read_stream_mux_config(struct LATMContext *latmctx,
            } else {
                int esc;
                do {
+                    if (get_bits_left(gb) < 9)
+                        return AVERROR_INVALIDDATA;
                    esc = get_bits(gb, 1);
                    skip_bits(gb, 8);
                } while (esc);