ref: 7350c59e7894cb7e487a0add9942d2b1b39f7161
parent: f821d9ad7b6c13cb52f226df473af4818cb619ed
author: James Almer <[email protected]>
date: Sat Mar 16 16:00:38 EDT 2019
decode: add a frame tile data buffer size check This check was already done in dav1d_parse_obus(), so it's added as an assert here for extra precaution.
--- a/src/decode.c
+++ b/src/decode.c
@@ -3196,6 +3196,7 @@
// FIXME qsort so tiles are in order (for frame threading)
if (f->n_tile_data_alloc < c->n_tile_data) {
freep(&f->tile);
+ assert(c->n_tile_data < INT_MAX / (int)sizeof(*f->tile));
f->tile = malloc(c->n_tile_data * sizeof(*f->tile));
if (!f->tile) goto error;
f->n_tile_data_alloc = c->n_tile_data;