Avoid OOB reads when a stream contains an invalid OBU size. BUG=aomedia:1146 Change-Id: I77073b67b1924e8649d5135ee8fc9020c6cc0b8c

commit: adbbaa284bbb6c36bc923e67be86a7f0127b79be [log] [tgz]
author: Tom Finegan <tomfinegan@google.com> Mon Feb 26 10:07:23 2018 -0800
committer: Tom Finegan <tomfinegan@google.com> Mon Feb 26 19:41:48 2018 +0000
tree: 940c016c367fbf8ef5c9d3d6738ac5b935bd45d0
parent: ce340c30ab9e28fd4cca69f538d3dad183538537 [diff]
diff --git a/av1/decoder/obu.c b/av1/decoder/obu.c
index f5a194c..f39f41e 100644
--- a/av1/decoder/obu.c
+++ b/av1/decoder/obu.c

@@ -299,6 +299,11 @@
     const size_t length_field_size = PRE_OBU_SIZE_BYTES;
 #endif  // CONFIG_OBU_SIZING
 
+    if (obu_size > bytes_available) {
+      cm->error.error_code = AOM_CODEC_CORRUPT_FRAME;
+      return;
+    }
+
     av1_init_read_bit_buffer(pbi, &rb, data + length_field_size, data_end);
 
 #if !CONFIG_SCALABILITY
commit	adbbaa284bbb6c36bc923e67be86a7f0127b79be	[log] [tgz]
author	Tom Finegan <tomfinegan@google.com>	Mon Feb 26 10:07:23 2018 -0800
committer	Tom Finegan <tomfinegan@google.com>	Mon Feb 26 19:41:48 2018 +0000
tree	940c016c367fbf8ef5c9d3d6738ac5b935bd45d0
parent	ce340c30ab9e28fd4cca69f538d3dad183538537 [diff]