ref: 8a30a2a4501a9e5c569d948d7f673dba69c9c944
parent: ace8ab89b7fdd8d43716abc2f38f1f673b3a5ee7
parent: 80e5666cdcb3cd62907e7bb1d3618bf6c5a259db
author: Johann Koenig <[email protected]>
date: Tue Dec 17 14:41:23 EST 2019
Merge "vp8 boolreader: ignore invalid input"
--- a/vp8/decoder/dboolhuff.c
+++ b/vp8/decoder/dboolhuff.c
@@ -15,7 +15,11 @@
int vp8dx_start_decode(BOOL_DECODER *br, const unsigned char *source,
unsigned int source_sz, vpx_decrypt_cb decrypt_cb,
void *decrypt_state) {- br->user_buffer_end = source + source_sz;
+ // To simplify calling code this fuction can be called with |source| == null
+ // and |source_sz| == 0. This and vp8dx_bool_decoder_fill() are essentially
+ // no-ops in this case.
+ // Work around a ubsan warning with a ternary to avoid adding 0 to null.
+ br->user_buffer_end = source ? source + source_sz : source;
br->user_buffer = source;
br->value = 0;
br->count = -8;