diff options
author | Jerome Jiang <jianj@google.com> | 2018-03-20 10:34:26 -0700 |
---|---|---|
committer | Jerome Jiang <jianj@google.com> | 2018-05-10 15:06:43 -0700 |
commit | 76d588902aaab35c639d9ef376f891af6c7f291a (patch) | |
tree | 975dd0d09b155adb73de3fce0f78b8d5991bcda6 /vp8/decoder | |
parent | df1e06ed0bb5ad378dd63c5c12f26ed563ae7aaa (diff) | |
download | libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar.gz libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.tar.bz2 libvpx-76d588902aaab35c639d9ef376f891af6c7f291a.zip |
Fix vpxdec fuzz failure.
BUG=webm:1495
Change-Id: Ibaee35aa5e8e00847c61e707f2c9b4c0cff23673
Diffstat (limited to 'vp8/decoder')
-rw-r--r-- | vp8/decoder/decodeframe.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/vp8/decoder/decodeframe.c b/vp8/decoder/decodeframe.c index 8bfd3cea3..0d54a9442 100644 --- a/vp8/decoder/decodeframe.c +++ b/vp8/decoder/decodeframe.c @@ -686,6 +686,12 @@ static unsigned int read_available_partition_size( const unsigned char *partition_size_ptr = token_part_sizes + i * 3; unsigned int partition_size = 0; ptrdiff_t bytes_left = fragment_end - fragment_start; + if (bytes_left < 0) { + vpx_internal_error( + &pc->error, VPX_CODEC_CORRUPT_FRAME, + "Truncated packet or corrupt partition. No bytes left %d.", + (int)bytes_left); + } /* Calculate the length of this partition. The last partition * size is implicit. If the partition size can't be read, then * either use the remaining data in the buffer (for EC mode) |