shithub: libvpx

Download patch

ref: 489f8b2d882691bffd88cc4a54ccb4ea6d553bd0
parent: 146ccd304f146c3e5dccb35733b1ee49a446d5ce
parent: 4f0e4d6cef827bc452848e126a6bedc47424da88
author: Yaowu Xu <[email protected]>
date: Wed May 18 19:54:55 EDT 2016 

Merge "Prevent invalid read"


--- a/vp9/decoder/vp9_decodeframe.c
+++ b/vp9/decoder/vp9_decodeframe.c
@@ -1315,11 +1315,16 @@
   BufferPool *const pool = cm->buffer_pool;
   for (i = 0; i < REFS_PER_FRAME; ++i) {
     if (vpx_rb_read_bit(rb)) {
-      YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
-      width = buf->y_crop_width;
-      height = buf->y_crop_height;
-      found = 1;
-      break;
+      if (cm->frame_refs[i].idx != INVALID_IDX) {
+        YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
+        width = buf->y_crop_width;
+        height = buf->y_crop_height;
+        found = 1;
+        break;
+      } else {
+        vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+                           "Failed to decode frame size");
+      }
     }
   }