From: James Zern
Date: Wed, 27 Jul 2022 02:26:23 +0000 (-0700)
Subject: vp9,decoder_decode: fix ubsan null/zero offset warning
X-Git-Tag: v1.13.0-rc1~125^2~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed78231aa54c131018c0c9415cf416beac97a698;p=libvpx
vp9,decoder_decode: fix ubsan null/zero offset warning
reported under clang-13. null data may be passed as a flush; move data_end after that check
vp9/vp9_dx_iface.c:337:40: runtime error: applying zero offset to null pointer
Bug: b/229626362
Change-Id: I845726fd6eb6ac7a776e49272c6477a5ad30ffdf
---
diff --git a/vp9/vp9_dx_iface.c b/vp9/vp9_dx_iface.c
index 3c42c7dfe..bdfe21793 100644
--- a/vp9/vp9_dx_iface.c
+++ b/vp9/vp9_dx_iface.c
@@ -334,7 +334,6 @@ static vpx_codec_err_t decoder_decode(vpx_codec_alg_priv_t *ctx,
 const uint8_t *data, unsigned int data_sz,
 void *user_priv, long deadline) {
 const uint8_t *data_start = data;
- const uint8_t *const data_end = data + data_sz;
 vpx_codec_err_t res;
 uint32_t frame_sizes[8];
 int frame_count;
@@ -362,6 +361,7 @@ static vpx_codec_err_t decoder_decode(vpx_codec_alg_priv_t *ctx,
 // Decode in serial mode.
 if (frame_count > 0) {
+ const uint8_t *const data_end = data + data_sz;
 int i;
 for (i = 0; i < frame_count; ++i) {
@@ -379,6 +379,7 @@ static vpx_codec_err_t decoder_decode(vpx_codec_alg_priv_t *ctx,
 data_start += frame_size;
 }
 } else {
+ const uint8_t *const data_end = data + data_sz;
 while (data_start < data_end) {
 const uint32_t frame_size = (uint32_t)(data_end - data_start);
 const vpx_codec_err_t res =
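Review bot: The two added `data_end` declarations, at the top of the `if (frame_count > 0)` block and again at the top of the `else` block, are only well-defined if `data` is non-null by then, and nothing at either site records that precondition. The commit message says a null `data` is a flush and is checked earlier, but that check lies outside these hunks, so it is not visible here whether it also rejects null `data` with a non-zero `data_sz`; that is worth confirming. I would add a comment above each declaration, for example `// data is non-NULL here: the flush (NULL data) case returned earlier.`, so a later cleanup does not merge the duplicates back above the check and reintroduce the pointer arithmetic on a null pointer. The body of decoder_decode starts and ends outside the hunks.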