shithub: libvpx

--- a/test/invalid_file_test.cc

+++ b/test/invalid_file_test.cc

@@ -123,6 +123,7 @@

 #if CONFIG_VP8_DECODER

 const DecodeParam kVP8InvalidFileTests[] = {

   { 1, "invalid-bug-1443.ivf" },

+  { 1, "invalid-token-partition.ivf" },

};

 VP8_INSTANTIATE_TEST_CASE(InvalidFileTest,

--- a/test/test-data.mk

+++ b/test/test-data.mk

@@ -734,6 +734,8 @@

 # Invalid files for testing libvpx error checking.

 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-1443.ivf

 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-1443.ivf.res

+LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-token-partition.ivf

+LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-token-partition.ivf.res

 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-vp80-00-comprehensive-018.ivf.2kf_0x6.ivf

 LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-vp80-00-comprehensive-018.ivf.2kf_0x6.ivf.res

 LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-01-v3.webm

--- a/test/test-data.sha1

+++ b/test/test-data.sha1

@@ -852,5 +852,7 @@

 d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-crbug-667044.webm.res

 fd9df7f3f6992af1d7a9dde975c9a0d6f28c053d *invalid-bug-1443.ivf

 fd3020fa6e9ca5966206738654c97dec313b0a95 *invalid-bug-1443.ivf.res

+1a0e405606939f2febab1a21b30c37cb8f2c8cb1 *invalid-token-partition.ivf

+90a8a95e7024f015b87f5483a65036609b3d1b74 *invalid-token-partition.ivf.res

 17696cd21e875f1d6e5d418cbf89feab02c8850a *vp90-2-22-svc_1280x720_1.webm

 e2f9e1e47a791b4e939a9bdc50bf7a25b3761f77 *vp90-2-22-svc_1280x720_1.webm.md5

--- a/vp8/decoder/decodeframe.c

+++ b/vp8/decoder/decodeframe.c

@@ -674,7 +674,7 @@

 static int read_is_valid(const unsigned char *start, size_t len,

                          const unsigned char *end) {

-  return len != 0 && len <= (size_t)(end - start);

+  return len != 0 && end > start && len <= (size_t)(end - start);

 static unsigned int read_available_partition_size(