From 76e0c95dd93d6ecddb43969a3124e70d3a4c2dbc Mon Sep 17 00:00:00 2001
From: John Koleszar <jkoleszar@google.com>
Date: Tue, 11 Jun 2013 14:24:53 -0700
Subject: [PATCH] Trap reference frames of invalid size

A corrupt bitstream could refer to a reference frame that has no size.

Change-Id: I56c3b71a9dbb58b498e9969403e289c0e574f948
---
 vp9/decoder/vp9_decodframe.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/vp9/decoder/vp9_decodframe.c b/vp9/decoder/vp9_decodframe.c
index f65d7c7cfb..703aa06239 100644
--- a/vp9/decoder/vp9_decodframe.c
+++ b/vp9/decoder/vp9_decodframe.c
@@ -807,6 +807,10 @@ static void setup_frame_size_with_refs(VP9D_COMP *pbi,
   if (!found)
     read_frame_size(cm, rb, &width, &height);
 
+  if (!width || !height)
+    vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+                       "Referenced frame with invalid size");
+
   setup_display_size(pbi, rb);
   apply_frame_size(pbi, width, height);
 }
-- 
GitLab