Prevent invalid read m52-2743
authorYaowu Xu <yaowu@google.com>
Wed, 18 May 2016 00:18:26 +0000 (17:18 -0700)
committerJohann <johannkoenig@google.com>
Mon, 18 Jul 2016 18:29:59 +0000 (11:29 -0700)
This commit adds a check before reading into RefBuffer to prevent OOB
read.

BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=612023

(cherry picked from commit 4f0e4d6cef827bc452848e126a6bedc47424da88)

Change-Id: I4f0732d4ca92f79b57103bffcff15499073e79a4

vp9/decoder/vp9_decodeframe.c

index 84c757cc7dc4e8d2e856a902fee3a664b487b371..e1453f87f5c07e8ee4dd522a9f5cd9cdd9826511 100644 (file)
@@ -1315,11 +1315,16 @@ static void setup_frame_size_with_refs(VP9_COMMON *cm,
   BufferPool *const pool = cm->buffer_pool;
   for (i = 0; i < REFS_PER_FRAME; ++i) {
     if (vpx_rb_read_bit(rb)) {
-      YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
-      width = buf->y_crop_width;
-      height = buf->y_crop_height;
-      found = 1;
-      break;
+      if (cm->frame_refs[i].idx != INVALID_IDX) {
+        YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
+        width = buf->y_crop_width;
+        height = buf->y_crop_height;
+        found = 1;
+        break;
+      } else {
+        vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+                           "Failed to decode frame size");
+      }
     }
   }
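Review bot: The new `cm->frame_refs[i].idx != INVALID_IDX` guard covers only this one dereference of `cm->frame_refs[i].buf`. setup_frame_size_with_refs starts before and continues after this hunk, so any later read of `frame_refs[i].buf` in the function (not visible here) needs the same check before touching `y_crop_width` or `y_crop_height`. The else branch also appears to rely on `vpx_internal_error` not returning; if it can return when no error handler is armed, the loop keeps consuming bits from a frame already flagged as corrupt. I would add a comment on the call, e.g. `/* Reference slot was never set: reject the frame instead of reading through a stale buf pointer. */`, and confirm whether a `break;` is needed after it. The message `"Failed to decode frame size"` could also name the cause (an unset reference) so the failure can be told apart from other frame-size errors in logs.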