Commit 5eb471c0 authored by Rupert Swarbrick's avatar Rupert Swarbrick

Catch invalid streams starting with intra-only frames

This adds a check (and internal error on failure) to make sure that a
stream that starts with an intra-only frame cannot refer to a slot
that hasn't been written in a subsequent inter frame.

BUG=aomedia:849

Change-Id: I39a371bd38f53413187a64de1067f9ab8f00b833
parent 3ed2d23f
......@@ -4856,6 +4856,17 @@ static size_t read_uncompressed_header(AV1Decoder *pbi,
for (i = 0; i < INTER_REFS_PER_FRAME; ++i) {
const int ref = aom_rb_read_literal(rb, REF_FRAMES_LOG2);
const int idx = cm->ref_frame_map[ref];
// Most of the time, streams start with a keyframe. In that case,
// ref_frame_map will have been filled in at that point and will not
// contain any -1's. However, streams are explicitly allowed to start
// with an intra-only frame, so long as they don't then signal a
// reference to a slot that hasn't been set yet. That's what we are
// checking here.
if (idx == -1)
aom_internal_error(&cm->error, AOM_CODEC_CORRUPT_FRAME,
"Inter frame requests nonexistent reference");
RefBuffer *const ref_frame = &cm->frame_refs[i];
ref_frame->idx = idx;
ref_frame->buf = &frame_bufs[idx].buf;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment