shithub: libvpx

Info  •  Files  •  Log  •  Branches

Merge "Properly validate data size"

--- a/vp9/vp9_dx_iface.c

+++ b/vp9/vp9_dx_iface.c

@@ -148,7 +148,11 @@

     if (frame_marker != VP9_FRAME_MARKER)

       return VPX_CODEC_UNSUP_BITSTREAM;

-    if (profile >= MAX_PROFILES) return VPX_CODEC_UNSUP_BITSTREAM;

+    if (profile >= MAX_PROFILES)

+      return VPX_CODEC_UNSUP_BITSTREAM;

+

+    if ((profile >= 2 && data_sz <= 1) || data_sz < 1)

+      return VPX_CODEC_UNSUP_BITSTREAM;

     if (vp9_rb_read_bit(&rb)) {  // show an existing frame

       vp9_rb_read_literal(&rb, 3);  // Frame buffer to show.