ref: 46e17f0cb4a80b36755c84b8bf15731d3386c08f
parent: b625feb3588e7e598fab2c0df1e28f2ea0a7b3e1
author: kyslov <kyslov@google.com>
date: Fri Jan 4 12:04:09 EST 2019
Fix OOB memory access on fuzzed data vp8_norm table has 256 elements while index to it can be higher on fuzzed data. Typecasting it to unsigned char will ensure valid range and will trigger proper error later. Also declaring "shift" as unsigned char to avoid UB sanitizer warning BUG=b/122373286,b/122373822,b/122371119 Change-Id: I3cef1d07f107f061b1504976a405fa0865afe9f5
--- a/vp8/decoder/dboolhuff.h
+++ b/vp8/decoder/dboolhuff.h
@@ -76,7 +76,7 @@
}
{- const int shift = vp8_norm[range];
+ const unsigned char shift = vp8_norm[(unsigned char)range];
range <<= shift;
value <<= shift;
count -= shift;
--- a/vpx_dsp/bitreader.h
+++ b/vpx_dsp/bitreader.h
@@ -94,7 +94,7 @@
}
{- const int shift = vpx_norm[range];
+ const unsigned char shift = vpx_norm[(unsigned char)range];
range <<= shift;
value <<= shift;
count -= shift;