Highlights
Memory Corruption: 16 prior fixes. Scrutinize any change in this area.
libfaad/syntax.c: most-fixed (9 issues). Treat as high-risk during review.
32 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Memory Corruption: Unexpected transitions in channel configurations (e.g., Single Channel Element to Channel Pair Element) can trigger heap out-of-bounds writes or under-allocations if state tracking and active buffer sizing are not correctly updated.
Memory Corruption: Parsing of MP4 atoms (such as stsc, stsz, and stco) is highly susceptible to integer overflows prior to memory allocation, leading to undersized heap allocations and subsequent heap buffer overflows.
Out-of-bounds Write: Syntax decoding loops and indexing tables (e.g., section boundaries, channel count limits, and scale factor indexes) are historically prone to off-by-one errors and loose boundary validation.