ref: a8cfbbe33f0e43554eef93660610b70b42d1fcf3
parent: 4aa76912252d272b8d0bfdc98ced68170c5111a0
author: James Zern <[email protected]>
date: Thu May 8 16:20:20 EDT 2014
vp9_dx_iface: subtract ptrs to validate frame_size Change-Id: Ic5a6a4a2fec802d9c9c7a71dbae59d5b4d3a8b23
--- a/vp9/vp9_dx_iface.c
+++ b/vp9/vp9_dx_iface.c
@@ -417,7 +417,8 @@
for (i = 0; i < frame_count; ++i) {const uint32_t frame_size = frame_sizes[i];
- if (data_start < data || data_start + frame_size >= data_end) {+ if (data_start < data ||
+ frame_size > (uint32_t)(data_end - data_start)) {ctx->base.err_detail = "Invalid frame size in index";
return VPX_CODEC_CORRUPT_FRAME;
}