Commit 7a762519 authored by Tristan Matthews's avatar Tristan Matthews

speexdec_fuzzer: fix leak of decoder state on header error

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/speex
parent 56baf7ca
......@@ -110,6 +110,7 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
speex_decoder_ctl(st, SPEEX_GET_FRAME_SIZE, frame_size);
if (*frame_size < 0 || *frame_size > 2*320)
{
speex_decoder_destroy(st);
free(header);
return NULL;
}
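Review bot: The cleanup pair `speex_decoder_destroy(st); free(header);` is now written out separately in this error branch and in the frames_per_packet and extra_headers branches of the two later hunks. With this layout, every new error path has to remember both calls, which is likely how the destroy call came to be missing before this commit. Consider routing all three branches through one label, so each becomes `goto fail;` and `fail:` performs the destroy, the free and `return NULL;` once. process_header starts and ends outside the hunks, so the label placement, and whether `st` is always valid at these points, need checking against the full function.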
......@@ -122,6 +123,7 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
if (header->frames_per_packet < 1 || header->frames_per_packet > 10)
{
speex_decoder_destroy(st);
free(header);
return NULL;
}
......@@ -141,6 +143,7 @@ static void *process_header(ogg_packet *op, spx_int32_t enh_enabled, spx_int32_t
if (header->extra_headers > INT_MAX - 1)
{
speex_decoder_destroy(st);
free(header);
return NULL;
}
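Review bot: The check `header->extra_headers > INT_MAX - 1` rejects only the upper end of the range, so if extra_headers is a signed field, as the comparison with INT_MAX suggests, a negative value taken from the packet passes it. Whether that is harmful depends on how the value is used after the hunk, which is not visible here. Rejecting it is cheap for a field that comes straight from untrusted input: `if (header->extra_headers < 0 || header->extra_headers > INT_MAX - 1)`. A short comment such as `/* extra_headers + 1 is computed later; keep it representable */` would also explain the `- 1`, if that is indeed the reason.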
......