From 062fb5056224b921a027bf4aa516c91ab45aa943 Mon Sep 17 00:00:00 2001 From: Yaowu Xu Date: Fri, 18 Oct 2013 10:32:56 -0700 Subject: [PATCH] Added checking for invalid size Change-Id: I9672a61e60a26e2934796f088880ce4cb49605be --- vp9/decoder/vp9_decodframe.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/vp9/decoder/vp9_decodframe.c b/vp9/decoder/vp9_decodframe.c index b914de793..2f7347649 100644 --- a/vp9/decoder/vp9_decodframe.c +++ b/vp9/decoder/vp9_decodframe.c @@ -802,6 +802,7 @@ static size_t read_uncompressed_header(VP9D_COMP *pbi, struct vp9_read_bit_buffer *rb) { VP9_COMMON *const cm = &pbi->common; MACROBLOCKD *const xd = &pbi->mb; + size_t sz; int i; cm->last_frame_type = cm->frame_type; @@ -909,8 +910,9 @@ static size_t read_uncompressed_header(VP9D_COMP *pbi, setup_segmentation(&cm->seg, rb); setup_tile_info(cm, rb); + sz = vp9_rb_read_literal(rb, 16); - return vp9_rb_read_literal(rb, 16); + return sz > 0 ? sz : -1; } static int read_compressed_header(VP9D_COMP *pbi, const uint8_t *data,