ref: c496fab4abbc8ec28fa575d38119d35eaffb91bb
parent: 4aa0363a342613b41034911ba5a5d285bf9c7335
author: Janne Grunau <janne-vlc@jannau.net>
date: Sun Nov 18 17:02:47 EST 2018
decode: check once per tile sb row for symbol decoder overreads
--- a/src/decode.c
+++ b/src/decode.c
@@ -2374,6 +2374,9 @@
return 0;
}
+ // error out on symbol decoder overread
+ if (ts->msac.cnt < -15) return 1;
+
if (c->n_fc > 1 && f->frame_hdr.use_ref_frame_mvs) {
for (int n = 0; n < 7; n++)
if (dav1d_thread_picture_wait(&f->refp[n], 4 * (t->by + sb_step),