Commit 57347c19 authored by Janne Grunau's avatar Janne Grunau

decode_b: make sure seg_id is valid

Fixes heap overflow with
david-fuzzing-data:artifacts/crash-5c3b00780bb24ac2e123c3f172b1e4829bc98aa5.
parent f7830788
......@@ -773,6 +773,7 @@ static void decode_b(Dav1dTileContext *const t,
b->seg_id = neg_deinterleave(diff, pred_seg_id,
last_active_seg_id + 1);
if (b->seg_id > last_active_seg_id) b->seg_id = 0; // error?
if (b->seg_id >= NUM_SEGMENTS) b->seg_id = 0; // error?
}
if (DEBUG_BLOCK_INFO)
......@@ -821,6 +822,7 @@ static void decode_b(Dav1dTileContext *const t,
last_active_seg_id + 1);
if (b->seg_id > last_active_seg_id) b->seg_id = 0; // error?
}
if (b->seg_id >= NUM_SEGMENTS) b->seg_id = 0; // error?
}
if (DEBUG_BLOCK_INFO)
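Review bot: The added `if (b->seg_id >= NUM_SEGMENTS) b->seg_id = 0; // error?` in both hunks silently maps an out-of-range segment id to 0, so a corrupt stream keeps decoding with segment 0's settings and the condition leaves no trace. The existing `b->seg_id > last_active_seg_id` test was evidently not enough to bound the value. That suggests `last_active_seg_id` can itself exceed `NUM_SEGMENTS - 1`, or that in the second hunk the id arrives through a branch that skips the inner check; this is inferred, because the rest of decode_b lies outside the hunks. I would replace the open `// error?` with a comment stating the invariant, e.g. `// corrupt stream: clamp so seg_id stays a valid index (< NUM_SEGMENTS)`. It would also help to validate `last_active_seg_id` where it is derived, so the bound holds before block decode rather than being patched per call site.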
......