Check that all channel mapping entries used are valid

If channel numbers are changed on the fly (in invalid bitstreams), we can end up with a channel mapping with fewer channels mapped than we actually try to output. Ideally, this condition should probably be checked somewhere closer to where it enters such a state, not when using the channel mapping though. Fixes: 2808/clusterfuzz-testcase-minimized-4694952892170240 Fixes: 2275/clusterfuzz-testcase-minimized-6205444085252096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
author: Martin Storsjo <martin@martin.st> 2017-08-03 12:51:43 +0300
committer: Martin Storsjo <martin@martin.st> 2017-08-03 14:22:04 +0300
commit: ecb2ad9a7b72b9fe96720c59289e5ccd9bf0f433 (patch)
tree: 65016fba368905f478961c57e8922821e710b8c8
parent: af5863a78efdfccd003dd6bea68c4a2cd2ad9f37 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/libSBRdec/src/sbrdecoder.cpp b/libSBRdec/src/sbrdecoder.cpp
index f9ded54..766d7e9 100644
--- a/libSBRdec/src/sbrdecoder.cpp
+++ b/libSBRdec/src/sbrdecoder.cpp
@@ -1444,6 +1444,9 @@ sbrDecoder_DecodeElement (
     self->flags |= (applyPs) ? SBRDEC_PS_DECODED : 0;
   }
 
+  if (channelMapping[0] == 255 || channelMapping[1] == 255)
+    return SBRDEC_UNSUPPORTED_CONFIG;
+
   /* Set strides for reading and writing */
   if (interleaved) {
     strideIn = numInChannels;
author	Martin Storsjo <martin@martin.st>	2017-08-03 12:51:43 +0300
committer	Martin Storsjo <martin@martin.st>	2017-08-03 14:22:04 +0300
commit	ecb2ad9a7b72b9fe96720c59289e5ccd9bf0f433 (patch)
tree	65016fba368905f478961c57e8922821e710b8c8
parent	af5863a78efdfccd003dd6bea68c4a2cd2ad9f37 (diff)