Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
syntax.c: check for syntax element inconsistencies
Implicit channel mapping reconfiguration is explicitely forbidden by ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such files and reject them. FAAD2 does not perform any kind of checks regarding this. This leads to security vulnerabilities when processing crafted AAC files performing such reconfigurations. Add checks to decode_sce_lfe and decode_cpe to make sure such inconsistencies are detected as early as possible. These checks first read hDecoder->frame: if this is not the first frame then we make sure that the syntax element at the same position in the previous frame also had element_id id_syn_ele. If not, return 21 as this is a fatal file structure issue. This patch addresses CVE-2018-20362 (fixes knik0#26) and possibly other related issues.
- Loading branch information