
sb_celp: memset innovation memory in null mode

This was happening for an ultra-wideband fuzzer testcase.

Fixes msan error:
 Issue 69258: speex:speex_decode_fuzzer_fixed: Use-of-uninitialized-value in compute_rms16

found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex

Fixes https://gitlab.xiph.org/xiph/speex/-/issues/2049
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69258

Signed-off-by: Tristan Matthews <tmatth@videolan.org>
Tristan Matthews 5 months ago
Parent
Commit
6d7d5fe220
1 changed file with 3 additions and 0 deletions

+ 3 - 0
libspeex/sb_celp.c

@@ -1293,6 +1293,9 @@ int sb_decode(void *state, SpeexBits *bits, void *vout)
 
       qmf_synth(out, out+st->frame_size, h0, out, st->full_frame_size, QMF_ORDER, st->g0_mem, st->g1_mem, stack);
 
+      if (st->innov_save)
+         SPEEX_MEMSET(st->innov_save, 0, st->full_frame_size);
+
       return 0;
 
    }
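Review bot: the element count passed to `SPEEX_MEMSET(st->innov_save, 0, st->full_frame_size)` is the decoder's full frame size, not a length derived from the buffer itself; confirm that the buffer the caller registered in `st->innov_save` is always at least `full_frame_size` elements long (and that `SPEEX_MEMSET` scales by the element size), otherwise this clear would overrun a shorter caller-provided buffer. A one-line comment above the `if` would also help: a null-mode frame produces no innovation, so the saved innovation is zeroed here to keep `compute_rms16` from reading uninitialized memory, as the commit message describes.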