ref: 80e5666cdcb3cd62907e7bb1d3618bf6c5a259db
parent: 89375f0315cf961493f535e900d35cb67d00d9e1
author: Johann <johannkoenig@google.com>
date: Tue Dec 3 10:29:35 EST 2019
vp8 boolreader: ignore invalid input Do basic initialization even when the result will not be used. BUG=chromium:1026961 Change-Id: Iaa480534b49efe1ecc66484b316f8d654e8a1245
--- a/vp8/decoder/dboolhuff.c
+++ b/vp8/decoder/dboolhuff.c
@@ -15,7 +15,11 @@
int vp8dx_start_decode(BOOL_DECODER *br, const unsigned char *source,
unsigned int source_sz, vpx_decrypt_cb decrypt_cb,
void *decrypt_state) {- br->user_buffer_end = source + source_sz;
+ // To simplify calling code this fuction can be called with |source| == null
+ // and |source_sz| == 0. This and vp8dx_bool_decoder_fill() are essentially
+ // no-ops in this case.
+ // Work around a ubsan warning with a ternary to avoid adding 0 to null.
+ br->user_buffer_end = source ? source + source_sz : source;
br->user_buffer = source;
br->value = 0;
br->count = -8;