Invalid memory address dereference in huffcode (in libfaac/huff2.c:184)

[fantasy7082]

Hi, i found a issue in the FAAC 1.29.9.2, it is crashed by function huffcode .It just cause a Invalid memory address dereference.the details are below(ASAN):

./faac faac_res/unkown_addr_huff2_184  -o out.aac
Freeware Advanced Audio Coder
FAAC 1.29.9.2

Initial quantization quality: 50
Average bitrate: 64 kbps/channel
Bandwidth: 5512 Hz
PNS level: 4
Object type: Low Complexity(MPEG-2) + IS + PNS
Container format: Transport Stream (ADTS)
Encoding faac_res/unkown_addr_huff2_184 to out.aac
   frame          | bitrate | elapsed/estim | play/CPU | ETA
ASAN:SIGSEGV
=================================================================
==27224==ERROR: AddressSanitizer: SEGV on unknown address 0x7f46283263a0 (pc 0x7f482811d6b3 bp 0x7fff764d41e0 sp 0x7fff764d4110 T0)
    #0 0x7f482811d6b2 in huffcode /root/faac_asan/faac/libfaac/huff2.c:184
    #1 0x7f482811e7e0 in huffbook /root/faac_asan/faac/libfaac/huff2.c:417
    #2 0x7f482811abe6 in qlevel /root/faac_asan/faac/libfaac/quantize.c:282
    #3 0x7f482811aff8 in BlocQuant /root/faac_asan/faac/libfaac/quantize.c:312
    #4 0x7f482810e38e in faacEncEncode /root/faac_asan/faac/libfaac/frame.c:586
    #5 0x4057cf in main /root/faac_asan/faac/frontend/main.c:1071
    #6 0x7f4827d5682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x401968 in _start (/usr/local/faac-asan/bin/faac+0x401968)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faac_asan/faac/libfaac/huff2.c:184 huffcode
==27224==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/004_unkown_addr_huff2_184_wav

[kirotawa]

It was assigned CVE-2018-19886 number.

[fabiangreffrath]

This is six times the same bug. All code lines in question read like this:

blen = book[idx].len;