ref: 56dbf1ca6c7031aefef69d3493ac97b1f09f8c6f
parent: 64742f825d1e17a33ed412001414848789258e03
parent: abf0df08f167324b9c47c77465b1f3e6ee2ce067
author: Jim Bankoski <jimbankoski@google.com>
date: Tue Jul 1 12:48:45 EDT 2014
Merge "validate uv block size when reading partition"
--- a/vp9/decoder/vp9_decodeframe.c
+++ b/vp9/decoder/vp9_decodeframe.c
@@ -410,7 +410,7 @@
vp9_reader* r, BLOCK_SIZE bsize) {
const int hbs = num_8x8_blocks_wide_lookup[bsize] / 2;
PARTITION_TYPE partition;
- BLOCK_SIZE subsize;
+ BLOCK_SIZE subsize, uv_subsize;
if (mi_row >= cm->mi_rows || mi_col >= cm->mi_cols)
return;
@@ -417,6 +417,10 @@
partition = read_partition(cm, xd, hbs, mi_row, mi_col, bsize, r);
subsize = get_subsize(bsize, partition);
+ uv_subsize = ss_size_lookup[subsize][cm->subsampling_x][cm->subsampling_y];
+ if (subsize >= BLOCK_8X8 && uv_subsize == BLOCK_INVALID)
+ vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+ "Invalid block size.");
if (subsize < BLOCK_8X8) {
decode_block(cm, xd, tile, mi_row, mi_col, r, subsize);
} else {
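Review bot: The added `ss_size_lookup[subsize][cm->subsampling_x][cm->subsampling_y]` read runs before anything in this hunk confirms that `subsize` is a valid index, so the new validation covers only the chroma result and not the value used to index the table. `get_subsize` is not visible here; if it can return `BLOCK_INVALID` for a partition/bsize pair read from a corrupt stream, the lookup would read past the end of the table before the error is raised. I would reject that case ahead of the lookup, `if (subsize == BLOCK_INVALID) vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME, "Invalid block size.");`, and keep the existing uv check after it. The code following the new check also appears to rely on `vpx_internal_error` not returning to this function; if that holds, a short comment such as `/* does not return: control passes to the decoder's error handler */` would make the dependency explicit. The enclosing function starts and ends outside the hunk.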
--
⑨