
github.com/xiph/speex.git - Unnamed repository; edit this file 'description' to name the repository.
authorTristan Matthews <tmatth@videolan.org>2019-06-20 07:48:10 +0300
committerTristan Matthews <tmatth@videolan.org>2019-06-20 07:59:24 +0300
commit7a762519869e7d34ba1f5c2ff09519f1021f4f6a (patch)
treec692d4e0c681592d89f343b68948adb073a6d42c
parent56baf7ca631480fb8b7427333d317593c8f38488 (diff)
speexdec_fuzzer: fix leak of decoder state on header error
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
-rw-r--r--contrib/oss-fuzz/speexdec_fuzzer.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/contrib/oss-fuzz/speexdec_fuzzer.cc b/contrib/oss-fuzz/speexdec_fuzzer.cc
index a9e2ebe..6122497 100644
--- a/contrib/oss-fuzz/speexdec_fuzzer.cc
+++ b/contrib/oss-fuzz/speexdec_fuzzer.cc
@@ -110,6 +110,7 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
speex_decoder_ctl(st, SPEEX_GET_FRAME_SIZE, frame_size);
if (*frame_size < 0 || *frame_size > 2*320)
{
+ speex_decoder_destroy(st);
free(header);
return NULL;
}
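Review bot: The same two-call teardown is now copied into three separate error branches of process_header (here, and in the hunks at -122 and -141), so any failure return added later after the decoder is created can reintroduce the leak this commit fixes. A single exit path would keep the cleanup in one place: each branch does `goto fail;` and a `fail:` label at the end runs `speex_decoder_destroy(st); free(header); return NULL;`. Because this is a .cc file, that only compiles if no initialized declaration sits between the jumps and the label. The function starts and ends outside these hunks, so it is worth checking whether any other `return NULL` after decoder creation still skips the destroy call. Separately, if `header` is allocated by libspeex (its allocation is not visible here), releasing it with `speex_header_free(header);` rather than `free(header);` avoids an allocator mismatch in builds that override the library allocator.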
@@ -122,6 +123,7 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
if (header->frames_per_packet < 1 || header->frames_per_packet > 10)
{
+ speex_decoder_destroy(st);
free(header);
return NULL;
}
@@ -141,6 +143,7 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
if (header->extra_headers > INT_MAX - 1)
{
+ speex_decoder_destroy(st);
free(header);
return NULL;
}