On Sun, Dec 26, 2021 at 02:37:23PM +0100, Michael Niedermayer wrote:
> No speex samples with non default frame sizes are known (to me)
> the official speexenc seems to only generate the 3 default ones.
> Thus it may be that the fuzzer samples where the first non default
> values encountered by the decoder.
> Possibly the "<" should be "!="
> 
> If someone has a valid speex file with non default frame sizes that
> would be interesting!
> 
> Fixes: out of array access
> Fixes: 42821/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEX_fuzzer-5640695772217344
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/speexdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you fake or manipulate statistics in a paper in physics you will never
get a job again.
If you fake or manipulate statistics in a paper in medicin you will get
a job for life at the pharma industry.