shithub: dav1d

Download patch

ref: 7350c59e7894cb7e487a0add9942d2b1b39f7161
parent: f821d9ad7b6c13cb52f226df473af4818cb619ed
author: James Almer <[email protected]>
date: Sat Mar 16 16:00:38 EDT 2019

decode: add a frame tile data buffer size check

This check was already done in dav1d_parse_obus(), so it's added as an assert
here for extra precaution.

--- a/src/decode.c
+++ b/src/decode.c
@@ -3196,6 +3196,7 @@
     // FIXME qsort so tiles are in order (for frame threading)
     if (f->n_tile_data_alloc < c->n_tile_data) {
         freep(&f->tile);
+        assert(c->n_tile_data < INT_MAX / (int)sizeof(*f->tile));
         f->tile = malloc(c->n_tile_data * sizeof(*f->tile));
         if (!f->tile) goto error;
         f->n_tile_data_alloc = c->n_tile_data;