ref: 1b71a6ba963d131375f5e489b3b25e36f19f3f24 aacdec/libfaad/syntax.c -rw-r--r-- 81.4 KiB
7bee9cc1 — Fabian Greffrath 1 year, 11 months ago
Merge pull request #43 from janisozaur/uint

Use unsigned integers correctly
6aed8409 — Michał Janiszewski 1 year, 11 months ago
Use unsigned integers correctly
942c3e0a — Fabian Greffrath 2 years ago
Fix a couple buffer overflows


a8dc3f8c — Fabian Greffrath 2 years ago
Merge pull request #33 from hlef/master

CVE-2018-20194 / CVE-2018-20362 fixes
466b01d5 — Hugo Lefeuvre 2 years ago
syntax.c: check for syntax element inconsistencies

Implicit channel mapping reconfiguration is explicitely forbidden by
ISO/IEC 13818-7:2006 ( Decoders should be able to detect such
files and reject them. FAAD2 does not perform any kind of checks
regarding this.

This leads to security vulnerabilities when processing crafted AAC
files performing such reconfigurations.

Add checks to decode_sce_lfe and decode_cpe to make sure such
inconsistencies are detected as early as possible.

These checks first read hDecoder->frame: if this is not the first
frame then we make sure that the syntax element at the same position
in the previous frame also had element_id id_syn_ele. If not, return
21 as this is a fatal file structure issue.

This patch addresses CVE-2018-20362 (fixes #26) and possibly other
related issues.
Use public headers internally to prevent duplicate declarations
Disabled LATM parser for now, not stable yet
workaround for latm bug
Applied some patches received
Final fix to copyright header
Fixed small bug in PS decoder
Changed GPL header a bit, now a clarification of section 2c of the GPLv2
Fixed small range checking bug
Silly bug
Latest patches
FAAD2 update
cvs sync
Sync CVS
small update in winamp plugin
sync with ahead cvs
ps_dec.c: Removed samplerate dependancy in PS, likely to be updated in corrigendum
Sync with internal CVS