shithub: libvpx


ref: bdb8b3ad86b1f5e52fd8be82aba4c8cbc8c2aafb
parent: adbb4c4d32550d58668efeae2deca4db7d14383f
parent: 5fe82459ec5c1566a2532e51550fb15b380f80de
author: Johann Koenig <johannkoenig@google.com>
date: Thu Nov 9 14:50:04 EST 2017

Merge "fail early on oversize frames"

--- a/vpx_scale/generic/yv12config.c
+++ b/vpx_scale/generic/yv12config.c
@@ -9,6 +9,7 @@
  */
 
 #include <assert.h>
+#include <limits.h>
 
 #include "vpx_scale/yv12config.h"
 #include "vpx_mem/vpx_mem.h"
@@ -165,6 +166,12 @@
 
     uint8_t *buf = NULL;
 
+    // frame_size is stored in buffer_alloc_sz, which is an int. If it won't
+    // fit, fail early.
+    if (frame_size > INT_MAX) {
+      return -1;
+    }
+
     if (cb != NULL) {
       const int align_addr_extra_size = 31;
       const uint64_t external_frame_size = frame_size + align_addr_extra_size;
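Review bot: The new `frame_size > INT_MAX` guard sits before the `cb != NULL` branch, where `external_frame_size = frame_size + align_addr_extra_size` adds 31 bytes, so a frame_size within 31 of INT_MAX passes the guard while the size handed to the external-buffer path is above INT_MAX. How external_frame_size is range-checked or narrowed afterwards is outside this hunk, so this may already be covered, but if it is not, bounding the padded value would close the gap, e.g. `if (frame_size > INT_MAX - 31) return -1;` with the 31 taken from a shared constant. The comment could also note that this guard is what makes the later `(size_t)frame_size` cast safe, since the commit removes the explicit `frame_size != (size_t)frame_size` check and now relies on INT_MAX not exceeding SIZE_MAX.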
@@ -192,8 +199,6 @@
       // Allocation to hold larger frame, or first allocation.
       vpx_free(ybf->buffer_alloc);
       ybf->buffer_alloc = NULL;
-
-      if (frame_size != (size_t)frame_size) return -1;
 
       ybf->buffer_alloc = (uint8_t *)vpx_memalign(32, (size_t)frame_size);
       if (!ybf->buffer_alloc) return -1;