ref: 45dbe94ee01491444a1001c62e1d27981bed51f3
parent: 9d98e936b53dbd52902bd922f50530d4ec29ff7c
author: Yaowu Xu <yaowu@google.com>
date: Tue Oct 15 05:17:11 EDT 2013
Add clamp to prevent out of bound access For bad input data, the decoder may access the array out of bounds. The commit added clamp to prevent such out of bound access Change-Id: I0a1cfd9b8786ea7113a998053c76605c963b077a
--- a/vp9/decoder/vp9_dsubexp.c
+++ b/vp9/decoder/vp9_dsubexp.c
@@ -48,8 +48,6 @@
static int inv_remap_prob(int v, int m) { static int inv_map_table[MAX_PROB - 1] = {- // generated by:
- // inv_map_table[j] = merge_index(j, MAX_PROB - 1, MODULUS_PARAM);
6, 19, 32, 45, 58, 71, 84, 97, 110, 123, 136, 149, 162, 175, 188,
201, 214, 227, 240, 253, 0, 1, 2, 3, 4, 5, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26,
@@ -66,9 +64,11 @@
190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 202, 203, 204, 205,
206, 207, 208, 209, 210, 211, 212, 213, 215, 216, 217, 218, 219, 220, 221,
222, 223, 224, 225, 226, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237,
- 238, 239, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252,
+ 238, 239, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252
};
- // v = merge_index(v, MAX_PROBS - 1, MODULUS_PARAM);
+ // The clamp is not necessary for conforming VP9 stream, it is added to
+ // prevent out of bound access for bad input data
+ v = clamp(v, 0, 253);
v = inv_map_table[v];
m--;
if ((m << 1) <= MAX_PROB) {