ref: 062fb5056224b921a027bf4aa516c91ab45aa943
parent: dd54f0babdfbb79cfa9c2941cd06389da7b20419
author: Yaowu Xu <yaowu@google.com>
date: Fri Oct 18 06:32:56 EDT 2013
Added checking for invalid size Change-Id: I9672a61e60a26e2934796f088880ce4cb49605be
--- a/vp9/decoder/vp9_decodframe.c
+++ b/vp9/decoder/vp9_decodframe.c
@@ -802,6 +802,7 @@
struct vp9_read_bit_buffer *rb) {VP9_COMMON *const cm = &pbi->common;
MACROBLOCKD *const xd = &pbi->mb;
+ size_t sz;
int i;
cm->last_frame_type = cm->frame_type;
@@ -909,8 +910,9 @@
setup_segmentation(&cm->seg, rb);
setup_tile_info(cm, rb);
+ sz = vp9_rb_read_literal(rb, 16);
- return vp9_rb_read_literal(rb, 16);
+ return sz > 0 ? sz : -1;
}
static int read_compressed_header(VP9D_COMP *pbi, const uint8_t *data,