Trap reference frames of invalid size

author John Koleszar <jkoleszar@google.com>

Tue, 11 Jun 2013 21:24:53 +0000 (14:24 -0700)

committer Gerrit Code Review <gerrit@gerrit.golo.chromium.org>

Tue, 11 Jun 2013 22:16:38 +0000 (15:16 -0700)
author John Koleszar <jkoleszar@google.com>
Tue, 11 Jun 2013 21:24:53 +0000 (14:24 -0700)
committer Gerrit Code Review <gerrit@gerrit.golo.chromium.org>
Tue, 11 Jun 2013 22:16:38 +0000 (15:16 -0700)
diff --git a/vp9/decoder/vp9_decodframe.c b/vp9/decoder/vp9_decodframe.c

index f65d7c7cfb5818c8c8e24542204c83f6e5df09f0..703aa0623974749eba7c0e5a9d85e259672df0a5 100644 (file)
--- a/vp9/decoder/vp9_decodframe.c
+++ b/vp9/decoder/vp9_decodframe.c
@@ -807,6 +807,10 @@ static void setup_frame_size_with_refs(VP9D_COMP *pbi,
    if (!found)
      read_frame_size(cm, rb, &width, &height);
  
+  if (!width || !height)
+    vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+                       "Referenced frame with invalid size");
+
    setup_display_size(pbi, rb);
    apply_frame_size(pbi, width, height);
  }
author	John Koleszar <jkoleszar@google.com>
	Tue, 11 Jun 2013 21:24:53 +0000 (14:24 -0700)
committer	Gerrit Code Review <gerrit@gerrit.golo.chromium.org>
	Tue, 11 Jun 2013 22:16:38 +0000 (15:16 -0700)