41 lines
1.5 KiB
Diff
41 lines
1.5 KiB
Diff
|
From 99d079023372016da046eaea3719ba0f78da3322 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Vincent Rabaud <vrabaud@google.com>
|
||
|
|
Date: Mon, 9 Jul 2018 20:20:52 +0200
|
||
|
|
Subject: [PATCH] Make sure partition #0 is read before VP8 data in IDecode.
|
||
|
|
|
||
|
|
BUG=oss-fuzz:9186
|
||
|
|
|
||
|
|
Change-Id: Ie0b264b6422774343206ddba3c2820a0cf37ffc0
|
||
|
|
(cherry picked from commit 5f0f5c07c460c286c8da25f986e1b152079a79b8)
|
||
|
|
---
|
||
|
|
src/dec/idec_dec.c | 9 ++++++++-
|
||
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/src/dec/idec_dec.c b/src/dec/idec_dec.c
|
||
|
|
index 205ca7a5c..6a44236ab 100644
|
||
|
|
--- a/src/dec/idec_dec.c
|
||
|
|
+++ b/src/dec/idec_dec.c
|
||
|
|
@@ -449,7 +449,10 @@ static VP8StatusCode DecodeRemaining(WebPIDecoder* const idec) {
|
||
|
|
VP8Decoder* const dec = (VP8Decoder*)idec->dec_;
|
||
|
|
VP8Io* const io = &idec->io_;
|
||
|
|
|
||
|
|
- assert(dec->ready_);
|
||
|
|
+ // Make sure partition #0 has been read before, to set dec to ready_.
|
||
|
|
+ if (!dec->ready_) {
|
||
|
|
+ return IDecError(idec, VP8_STATUS_BITSTREAM_ERROR);
|
||
|
|
+ }
|
||
|
|
for (; dec->mb_y_ < dec->mb_h_; ++dec->mb_y_) {
|
||
|
|
if (idec->last_mb_y_ != dec->mb_y_) {
|
||
|
|
if (!VP8ParseIntraModeRow(&dec->br_, dec)) {
|
||
|
|
@@ -570,6 +573,10 @@ static VP8StatusCode IDecode(WebPIDecoder* idec) {
|
||
|
|
status = DecodePartition0(idec);
|
||
|
|
}
|
||
|
|
if (idec->state_ == STATE_VP8_DATA) {
|
||
|
|
+ const VP8Decoder* const dec = (VP8Decoder*)idec->dec_;
|
||
|
|
+ if (dec == NULL) {
|
||
|
|
+ return VP8_STATUS_SUSPENDED; // can't continue if we have no decoder.
|
||
|
|
+ }
|
||
|
|
status = DecodeRemaining(idec);
|
||
|
|
}
|
||
|
|
if (idec->state_ == STATE_VP8L_HEADER) {
|