shithub: libvpx

Info • Files • Log • Branches

ref: 94a65e8fbaa3e50b686147b4dd75c79c2154c2d6
parent: c934d9d65c95c6cc783e20b3289af4608213d03a
author: Wan-Teh Chang <wtc@google.com>
date: Tue Jul 24 08:14:54 EDT 2018

Check size limit in vpx_realloc_frame_buffer.

If CONFIG_SIZE_LIMIT is defined, vpx_realloc_frame_buffer should fail if
width or height is too big.

This carries over commit ebc2714d71a834fc32a19eef0a81f51fbc47db01 of
libaom: https://aomedia-review.googlesource.com/c/aom/+/65521

Change-Id: Id7645c5cefbe1847714695d41f506ff30ea985f6

--- a/vpx_scale/generic/yv12config.c

+++ b/vpx_scale/generic/yv12config.c

@@ -143,6 +143,10 @@

                              vpx_codec_frame_buffer_t *fb,

                              vpx_get_frame_buffer_cb_fn_t cb, void *cb_priv) {

   if (ybf) {

+#if CONFIG_SIZE_LIMIT

+    if (width > DECODE_WIDTH_LIMIT || height > DECODE_HEIGHT_LIMIT) return -1;

+#endif

     const int vp9_byte_align = (byte_alignment == 0) ? 1 : byte_alignment;

     const int aligned_width = (width + 7) & ~7;

     const int aligned_height = (height + 7) & ~7;