avcodec/aacps: Fix undefined behavior
authorMichael Niedermayer <michael@niedermayer.cc>
Fri, 5 May 2017 11:16:07 +0000 (13:16 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 20 May 2017 01:41:34 +0000 (03:41 +0200)
Fixes: 1337/clusterfuzz-testcase-minimized-5212314171080704

Fixes the existence of a potentially invalid pointer intermediate

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 527f89e05922e840083ac6d49eeb838b1e350dd4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/aacps.c

index ccc79ff..48b595a 100644 (file)
@@ -975,7 +975,7 @@ static void stereo_processing(PSContext *ps, INTFLOAT (*l)[32][2], INTFLOAT (*r)
                 h_step[1][3] = AAC_MSUB31_V3(H22[1][e+1][b], h[1][3], width);
             }
             ps->dsp.stereo_interpolate[!PS_BASELINE && ps->enable_ipdopd](
-                l[k] + start + 1, r[k] + start + 1,
+                l[k] + 1 + start, r[k] + 1 + start,
                 h, h_step, stop - start);
         }
     }
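Review bot: The operand order in `l[k] + 1 + start, r[k] + 1 + start` now carries the fix, but nothing in the code says so, so a later tidy-up could reorder it and bring back the out-of-range intermediate pointer. Judging from the commit message, `start` can presumably be negative here (likely -1), which would make `l[k] + start` point before the row; the range of `start` is not visible in this hunk and should be confirmed. I would write the integer sum explicitly, `l[k] + (start + 1), r[k] + (start + 1),`, and add a comment such as `/* sum the offset first: l[k] + start alone may point before the array (UB) */`. Because this decoder parses untrusted streams, it is also worth checking that `start + 1 + (stop - start)` cannot exceed the 32-entry row. The body of `stereo_processing` begins and ends outside the hunk, so neither bound can be checked from here.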