Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

knik0/faad2
master @ 91b7a65
40
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Memory Corruption: 16 prior fixes. Scrutinize any change in this area.
libfaad/syntax.c: most-fixed (9 issues). Treat as high-risk during review.
32 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Memory Corruption: Unexpected transitions in channel configurations (e.g., Single Channel Element to Channel Pair Element) can trigger heap out-of-bounds writes or under-allocations if state tracking and active buffer sizing are not correctly updated.
Memory Corruption: Parsing of MP4 atoms (such as stsc, stsz, and stco) is highly susceptible to integer overflows prior to memory allocation, leading to undersized heap allocations and subsequent heap buffer overflows.
Out-of-bounds Write: Syntax decoding loops and indexing tables (e.g., section boundaries, channel count limits, and scale factor indexes) are historically prone to off-by-one errors and loose boundary validation.