ref: ea1d0a6b53e83c3f2e89aac06d47e39123f706a4
parent: 3fa713caeec5b3ae7dbc78c5f921c06a11151431
parent: 738b829b8cdf079a5fa48c74a28a177c9567d212
author: Johann Koenig <johannkoenig@google.com>
date: Fri Jan 26 20:42:58 EST 2018
Merge "Fix incorrect size reading"
--- a/vp8/decoder/decodeframe.c
+++ b/vp8/decoder/decodeframe.c
@@ -674,7 +674,7 @@
static int read_is_valid(const unsigned char *start, size_t len,
const unsigned char *end) {- return (start + len > start && start + len <= end);
+ return len != 0 && len <= (size_t)(end - start);
}
static unsigned int read_available_partition_size(