Trap reference frames of invalid size A corrupt bitstream could refer to a reference frame that has no size. Change-Id: I56c3b71a9dbb58b498e9969403e289c0e574f948

commit: 76e0c95dd93d6ecddb43969a3124e70d3a4c2dbc [log] [tgz]
author: John Koleszar <jkoleszar@google.com> Tue Jun 11 14:24:53 2013 -0700
committer: Gerrit Code Review <gerrit@gerrit.golo.chromium.org> Tue Jun 11 15:16:38 2013 -0700
tree: e56920a3bb8808afbbebe2eaf7909ff20781c060
parent: 2bcc4736028e41862191916ffd711651d14519e1 [diff] [blame]
diff --git a/vp9/decoder/vp9_decodframe.c b/vp9/decoder/vp9_decodframe.c
index f65d7c7..703aa06 100644
--- a/vp9/decoder/vp9_decodframe.c
+++ b/vp9/decoder/vp9_decodframe.c

@@ -807,6 +807,10 @@
   if (!found)
     read_frame_size(cm, rb, &width, &height);
 
+  if (!width || !height)
+    vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+                       "Referenced frame with invalid size");
+
   setup_display_size(pbi, rb);
   apply_frame_size(pbi, width, height);
 }
commit	76e0c95dd93d6ecddb43969a3124e70d3a4c2dbc	[log] [tgz]
author	John Koleszar <jkoleszar@google.com>	Tue Jun 11 14:24:53 2013 -0700
committer	Gerrit Code Review <gerrit@gerrit.golo.chromium.org>	Tue Jun 11 15:16:38 2013 -0700
tree	e56920a3bb8808afbbebe2eaf7909ff20781c060
parent	2bcc4736028e41862191916ffd711651d14519e1 [diff] [blame]