
github.com/xiph/speex.git - Unnamed repository; edit this file 'description' to name the repository.
authorTristan Matthews <tmatth@videolan.org>2019-03-05 01:26:43 +0300
committerTristan Matthews <tmatth@videolan.org>2019-03-05 01:27:05 +0300
commit587e0812ef8c5f425e0fc9885eb1b2f8b6dec40e (patch)
tree2a5d1b5309541bcabea0c0b169ad209caa2454cb
parenta5c4c28f411c019ce261708641ee7ce6002238ed (diff)
oss-fuzz: validate frame size and frames per packet
-rw-r--r--contrib/oss-fuzz/speexdec_fuzzer.cc10
1 files changed, 10 insertions, 0 deletions
diff --git a/contrib/oss-fuzz/speexdec_fuzzer.cc b/contrib/oss-fuzz/speexdec_fuzzer.cc
index 36260c4..a56a6cd 100644
--- a/contrib/oss-fuzz/speexdec_fuzzer.cc
+++ b/contrib/oss-fuzz/speexdec_fuzzer.cc
@@ -107,6 +107,11 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
}
speex_decoder_ctl(st, SPEEX_SET_ENH, &enh_enabled);
speex_decoder_ctl(st, SPEEX_GET_FRAME_SIZE, frame_size);
+ if (*frame_size < 0 || *frame_size > 2*320)
+ {
+ free(header);
+ return NULL;
+ }
*granule_frame_size = *frame_size;
if (!*rate)
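Review bot: The early return added after `SPEEX_GET_FRAME_SIZE` frees `header` but leaves `st` alive, so every rejected stream leaks the decoder state; the same applies to the `frames_per_packet` block in the next hunk. `st` is already in use by the `speex_decoder_ctl` calls just above and is presumably created by `speex_decoder_init` earlier in `process_header`, which starts outside this hunk. Add `speex_decoder_destroy(st);` before `free(header);` in both blocks, otherwise leak detection will report the harness itself instead of the library. Separately, `*frame_size < 0` lets a frame size of zero through; unless something later relies on zero being valid, `<= 0` is the safer bound.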
@@ -114,6 +119,11 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
speex_decoder_ctl(st, SPEEX_SET_SAMPLING_RATE, rate);
+ if (header->frames_per_packet < 1 || header->frames_per_packet > 10)
+ {
+ free(header);
+ return NULL;
+ }
*nframes = header->frames_per_packet;
if (*channels==-1)
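Review bot: `header->frames_per_packet` comes straight from the stream header, but this range check lives only in the fuzz harness under `contrib/oss-fuzz/`. If the shipped decoder front end does not apply the same bounds (not visible on this page), the fuzzer now rejects inputs the real tool still accepts, and whatever prompted the check stays reachable there. The limits are also bare literals (`10` here, `2*320` in the previous hunk) with no stated origin. Named constants with a comment would help, e.g. `#define MAX_FRAMES_PER_PACKET 10 /* largest value accepted from the stream header */`, shared with the real decoder if it gets the same check.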