Fix vpxdec fuzz failure.

BUG=webm:1495 Change-Id: Ibaee35aa5e8e00847c61e707f2c9b4c0cff23673
author: Jerome Jiang <jianj@google.com> 2018-03-20 10:34:26 -0700
committer: Jerome Jiang <jianj@google.com> 2018-05-10 15:06:43 -0700
commit: 76d588902aaab35c639d9ef376f891af6c7f291a (patch)
tree: 975dd0d09b155adb73de3fce0f78b8d5991bcda6 /vp8/decoder
parent: df1e06ed0bb5ad378dd63c5c12f26ed563ae7aaa (diff)
download: libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar
libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar.gz
libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar.bz2
libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/vp8/decoder/decodeframe.c b/vp8/decoder/decodeframe.c
index 8bfd3cea3..0d54a9442 100644
--- a/vp8/decoder/decodeframe.c
+++ b/vp8/decoder/decodeframe.c
@@ -686,6 +686,12 @@ static unsigned int read_available_partition_size(
   const unsigned char *partition_size_ptr = token_part_sizes + i * 3;
   unsigned int partition_size = 0;
   ptrdiff_t bytes_left = fragment_end - fragment_start;
+  if (bytes_left < 0) {
+    vpx_internal_error(
+        &pc->error, VPX_CODEC_CORRUPT_FRAME,
+        "Truncated packet or corrupt partition. No bytes left %d.",
+        (int)bytes_left);
+  }
   /* Calculate the length of this partition. The last partition
    * size is implicit. If the partition size can't be read, then
    * either use the remaining data in the buffer (for EC mode)
author	Jerome Jiang <jianj@google.com>	2018-03-20 10:34:26 -0700
committer	Jerome Jiang <jianj@google.com>	2018-05-10 15:06:43 -0700
commit	76d588902aaab35c639d9ef376f891af6c7f291a (patch)
tree	975dd0d09b155adb73de3fce0f78b8d5991bcda6 /vp8/decoder
parent	df1e06ed0bb5ad378dd63c5c12f26ed563ae7aaa (diff)
download	libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar.gz libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar.bz2 libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.zip