shithub: libvpx

Download patch

ref: 062fb5056224b921a027bf4aa516c91ab45aa943
parent: dd54f0babdfbb79cfa9c2941cd06389da7b20419
author: Yaowu Xu <yaowu@google.com>
date: Fri Oct 18 06:32:56 EDT 2013 

Added checking for invalid size

Change-Id: I9672a61e60a26e2934796f088880ce4cb49605be


--- a/vp9/decoder/vp9_decodframe.c
+++ b/vp9/decoder/vp9_decodframe.c
@@ -802,6 +802,7 @@
                                        struct vp9_read_bit_buffer *rb) {
   VP9_COMMON *const cm = &pbi->common;
   MACROBLOCKD *const xd = &pbi->mb;
+  size_t sz;
   int i;
 
   cm->last_frame_type = cm->frame_type;
@@ -909,8 +910,9 @@
   setup_segmentation(&cm->seg, rb);
 
   setup_tile_info(cm, rb);
+  sz = vp9_rb_read_literal(rb, 16);
 
-  return vp9_rb_read_literal(rb, 16);
+  return sz > 0 ? sz : -1;
 }
 
 static int read_compressed_header(VP9D_COMP *pbi, const uint8_t *data,
--