Commit 669e7b74 authored by Yaowu Xu's avatar Yaowu Xu Committed by Johann

Prevent invalid read

This commit adds a check before reading into RefBuffer to prevent OOB
read.

BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=612023

(cherry picked from commit 4f0e4d6c)

Change-Id: I4f0732d4ca92f79b57103bffcff15499073e79a4
parent 62a57630
......@@ -1315,11 +1315,16 @@ static void setup_frame_size_with_refs(VP9_COMMON *cm,
BufferPool *const pool = cm->buffer_pool;
for (i = 0; i < REFS_PER_FRAME; ++i) {
if (vpx_rb_read_bit(rb)) {
YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
width = buf->y_crop_width;
height = buf->y_crop_height;
found = 1;
break;
if (cm->frame_refs[i].idx != INVALID_IDX) {
YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
width = buf->y_crop_width;
height = buf->y_crop_height;
found = 1;
break;
} else {
vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
"Failed to decode frame size");
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment