ref: 738b829b8cdf079a5fa48c74a28a177c9567d212
parent: a9bbff1049ea774ed07286d979dbda7e7f2fe430
author: Johann <johannkoenig@google.com>
date: Fri Jan 26 10:50:50 EST 2018
Fix incorrect size reading Cherry pick from vp9: commit 85770264ac891505730dcd5092d1993a62c74060 Guard against incorrect size values moving *data past data_end. Check read length against the difference of the buffers. Change-Id: I5e8679ddd447c4d73deb80be5ec94841a92c5fcd
--- a/vp8/decoder/decodeframe.c
+++ b/vp8/decoder/decodeframe.c
@@ -674,7 +674,7 @@
static int read_is_valid(const unsigned char *start, size_t len,
const unsigned char *end) {- return (start + len > start && start + len <= end);
+ return len != 0 && len <= (size_t)(end - start);
}
static unsigned int read_available_partition_size(