shithub: libvpx

Download patch

ref: 80e5666cdcb3cd62907e7bb1d3618bf6c5a259db
parent: 89375f0315cf961493f535e900d35cb67d00d9e1
author: Johann <[email protected]>
date: Tue Dec 3 10:29:35 EST 2019

vp8 boolreader: ignore invalid input

Do basic initialization even when the result will not be used.

BUG=chromium:1026961

Change-Id: Iaa480534b49efe1ecc66484b316f8d654e8a1245

--- a/vp8/decoder/dboolhuff.c
+++ b/vp8/decoder/dboolhuff.c
@@ -15,7 +15,11 @@
 int vp8dx_start_decode(BOOL_DECODER *br, const unsigned char *source,
                        unsigned int source_sz, vpx_decrypt_cb decrypt_cb,
                        void *decrypt_state) {
-  br->user_buffer_end = source + source_sz;
+  // To simplify calling code this fuction can be called with |source| == null
+  // and |source_sz| == 0. This and vp8dx_bool_decoder_fill() are essentially
+  // no-ops in this case.
+  // Work around a ubsan warning with a ternary to avoid adding 0 to null.
+  br->user_buffer_end = source ? source + source_sz : source;
   br->user_buffer = source;
   br->value = 0;
   br->count = -8;