ref: 0ba64ee5a44491daa230e686228803316a4d1f9d
parent: b004c1a7a1cdba17a42c1de4c2df54b0588c5a77
author: Janne Grunau <[email protected]>
date: Thu Oct 18 19:43:25 EDT 2018
obu/tile_group: simplify tile group order to check The simplified version catches tg_start != 0 for the first tile group too. Fixes a heap-buffer-overflow in setup_tile when the first tile index is larger than 0 but the number of tiles is correct. Fixes #61, #73.
--- a/src/obu.c
+++ b/src/obu.c
@@ -1046,10 +1046,9 @@
c->tile[c->n_tile_data].data.ref = in->ref;
c->tile[c->n_tile_data].data.data = in->data + off;
c->tile[c->n_tile_data].data.sz = len + init_off - off;
+ // ensure tile groups are in order and sane, see 6.10.1
if (c->tile[c->n_tile_data].start > c->tile[c->n_tile_data].end ||
- (c->n_tile_data > 0 &&
- (c->tile[c->n_tile_data].start !=
- c->tile[c->n_tile_data - 1].end + 1)))
+ c->tile[c->n_tile_data].start != c->n_tiles)
{
for (int i = 0; i <= c->n_tile_data; i++)
dav1d_data_unref(&c->tile[i].data);
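Review bot: The new condition `c->tile[c->n_tile_data].start != c->n_tiles` makes the running counter `c->n_tiles` the only ordering check, so it is only as sound as the resets of that counter, and the error branch runs past the end of this hunk before any reset is visible. Please confirm that `c->n_tiles` is cleared both on this failure path and whenever a new frame header starts. If it is not, a stale count left by a rejected or dropped frame could let a later tile group with a nonzero start pass, which is the same condition that led to the setup_tile overflow. The `if` also puts no upper bound on `.end`; unless the tile-group header parser already rejects an end index at or beyond tile columns × rows, that comparison belongs in this same condition. I would also make the comment state the invariant, e.g. `// tile groups must be contiguous: start must equal the number of tiles received so far (AV1 spec 6.10.1)`.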