Google Git
Sign in
aomedia/aom/adbbaa284bbb6c36bc923e67be86a7f0127b79be^!/.
commit
adbbaa284bbb6c36bc923e67be86a7f0127b79be
[log]
author
Tom Finegan <tomfinegan@google.com>
Mon Feb 26 10:07:23 2018 -0800
committer
Tom Finegan <tomfinegan@google.com>
Mon Feb 26 19:41:48 2018 +0000
tree
940c016c367fbf8ef5c9d3d6738ac5b935bd45d0
parent
ce340c30ab9e28fd4cca69f538d3dad183538537 [diff]
Avoid OOB reads when a stream contains an invalid OBU size.

BUG=aomedia:1146

Change-Id: I77073b67b1924e8649d5135ee8fc9020c6cc0b8c

diff --git a/av1/decoder/obu.c b/av1/decoder/obu.c
index f5a194c..f39f41e 100644
--- a/av1/decoder/obu.c
+++ b/av1/decoder/obu.c

@@ -299,6 +299,11 @@
     const size_t length_field_size = PRE_OBU_SIZE_BYTES;
 #endif  // CONFIG_OBU_SIZING
 
+    if (obu_size > bytes_available) {
+      cm->error.error_code = AOM_CODEC_CORRUPT_FRAME;
+      return;
+    }
+
     av1_init_read_bit_buffer(pbi, &rb, data + length_field_size, data_end);
 
 #if !CONFIG_SCALABILITY