ref: f72b1fea02011dcdc36304b4206b9f9c91726c31
parent: 7b454ebb7990c7a54d33b954326af66f7e868548
author: James Almer <jamrial@gmail.com>
date: Fri Dec 7 12:04:16 EST 2018
annexb: ensure that OBU size <= frame size <= TU size
--- a/tools/input/annexb.c
+++ b/tools/input/annexb.c
@@ -97,11 +97,11 @@
}
if (!c->frame_unit_size) {res = leb128(c, &c->frame_unit_size);
- if (res < 0) return -1;
+ if (res < 0 || (c->frame_unit_size + res) > c->temporal_unit_size) return -1;
c->temporal_unit_size -= res;
}
res = leb128(c, &len);
- if (res < 0) return -1;
+ if (res < 0 || (len + res) > c->frame_unit_size) return -1;
uint8_t *ptr = dav1d_data_create(data, len);
if (!ptr) return -1;
c->temporal_unit_size -= len + res;