shithub: libvpx

Download patch

ref: fdb64ec289799aff8ece9d9e0dd8fa1ab7afbcec
parent: de3a7e26303c884e9b4ee8f2c1c855a717d57b17
parent: c59c84fc741a59ec8ecad9aec30e4feadb43913f
author: Johann Koenig <johannkoenig@google.com>
date: Wed Jan 31 09:23:49 EST 2018

Merge "vp8 bool: verify buffer size"

--- a/test/invalid_file_test.cc
+++ b/test/invalid_file_test.cc
@@ -123,6 +123,7 @@
 #if CONFIG_VP8_DECODER
 const DecodeParam kVP8InvalidFileTests[] = {
   { 1, "invalid-bug-1443.ivf" },
+  { 1, "invalid-token-partition.ivf" },
 };
 
 VP8_INSTANTIATE_TEST_CASE(InvalidFileTest,
--- a/test/test-data.mk
+++ b/test/test-data.mk
@@ -734,6 +734,8 @@
 # Invalid files for testing libvpx error checking.
 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-1443.ivf
 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-1443.ivf.res
+LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-token-partition.ivf
+LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-token-partition.ivf.res
 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-vp80-00-comprehensive-018.ivf.2kf_0x6.ivf
 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-vp80-00-comprehensive-018.ivf.2kf_0x6.ivf.res
 LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-01-v3.webm
--- a/test/test-data.sha1
+++ b/test/test-data.sha1
@@ -852,5 +852,7 @@
 d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-crbug-667044.webm.res
 fd9df7f3f6992af1d7a9dde975c9a0d6f28c053d *invalid-bug-1443.ivf
 fd3020fa6e9ca5966206738654c97dec313b0a95 *invalid-bug-1443.ivf.res
+1a0e405606939f2febab1a21b30c37cb8f2c8cb1 *invalid-token-partition.ivf
+90a8a95e7024f015b87f5483a65036609b3d1b74 *invalid-token-partition.ivf.res
 17696cd21e875f1d6e5d418cbf89feab02c8850a *vp90-2-22-svc_1280x720_1.webm
 e2f9e1e47a791b4e939a9bdc50bf7a25b3761f77 *vp90-2-22-svc_1280x720_1.webm.md5
--- a/vp8/decoder/decodeframe.c
+++ b/vp8/decoder/decodeframe.c
@@ -674,7 +674,7 @@
 
 static int read_is_valid(const unsigned char *start, size_t len,
                          const unsigned char *end) {
-  return len != 0 && len <= (size_t)(end - start);
+  return len != 0 && end > start && len <= (size_t)(end - start);
 }
 
 static unsigned int read_available_partition_size(