search

xiph / opus

Modern audio compression for the internet.
https://opus-codec.org/
Other
2.3k stars 615 forks source link

Possible NULL dereference in celt_encode_with_ec #374

Open a1batross opened 2 hours ago

a1batross commented 2 hours ago

opus_custom_encode calls celt_encode_with_ec with NULL passed as ec_enc *enc parameter.

In this function, ec_enc_shrink is called at https://github.com/xiph/opus/blob/main/celt/celt_encoder.c#L1596. enc variable gets initialized in branch below at https://github.com/xiph/opus/blob/main/celt/celt_encoder.c#L1607.

Unlike other branches that check for enc being NULL pointer, here it's omitted, causing a crash when st->bitrate isn't OPUS_BITRATE_MAX.

a1batross commented 2 hours ago

It seems it was broken here: https://github.com/xiph/opus/commit/9fdc489c359b8723902a8e440d6efa89ba929862