From 80e5666cdcb3cd62907e7bb1d3618bf6c5a259db Mon Sep 17 00:00:00 2001
From: Johann <johannkoenig@google.com>
Date: Tue, 3 Dec 2019 15:29:35 -0800
Subject: [PATCH] vp8 boolreader: ignore invalid input

Do basic initialization even when the result will not be used.

BUG=chromium:1026961

Change-Id: Iaa480534b49efe1ecc66484b316f8d654e8a1245
---
 vp8/decoder/dboolhuff.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/vp8/decoder/dboolhuff.c b/vp8/decoder/dboolhuff.c
index 9cf74bf85..4cfaef05c 100644
--- a/vp8/decoder/dboolhuff.c
+++ b/vp8/decoder/dboolhuff.c
@@ -15,7 +15,11 @@
 int vp8dx_start_decode(BOOL_DECODER *br, const unsigned char *source,
                        unsigned int source_sz, vpx_decrypt_cb decrypt_cb,
                        void *decrypt_state) {
-  br->user_buffer_end = source + source_sz;
+  // To simplify calling code this fuction can be called with |source| == null
+  // and |source_sz| == 0. This and vp8dx_bool_decoder_fill() are essentially
+  // no-ops in this case.
+  // Work around a ubsan warning with a ternary to avoid adding 0 to null.
+  br->user_buffer_end = source ? source + source_sz : source;
   br->user_buffer = source;
   br->value = 0;
   br->count = -8;
-- 
2.40.0