dinhminhquoi / webm

Automatically exported from code.google.com/p/webm

Uninitialized memory read in decodeframe.c #765

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/libvpx/source/libvpx/vp8/decoder/decodeframe.c&l=634 reads
ref_buffer[xd->mode_info_context->mbmi.ref_frame][0] + recon_yoffset;
but ref_buffer[i] is only initialized for i=1..(MAX_REF_FRAMES-1), and yet e.g. bear.webm triggers a value of 0 for
xd->mode_info_context->mbmi.ref_frame

Should the initialization loop at
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/libvpx/source/libvpx/vp8/decoder/decodeframe.c&l=527 simply start at i=0 instead of i=1,
or is there a deeper bug here (i.e. that 0 should never be an index)?

Original issue reported on code.google.com by fischman@chromium.org on 16 Apr 2014 at 6:36
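The two fixes the report weighs (initialize slot 0 as well, or treat index 0 as never valid at the use site) can be modelled without libvpx. The following is an added example, not code from libvpx or from this issue: the `frame_buf` and `decoder_state` types are simplified stand-ins for the decoder's real structures, the enum values mirror VP8's reference-frame numbering (0 is the intra slot, `MAX_REF_FRAMES` the table size), and the sample frames are constructed inline. It shows that a loop starting at 1 leaves exactly one slot unset, and how a use-site check refuses to form a pointer from the intra slot or from an out-of-range index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reference-frame indices mirroring VP8's enum: 0 is the intra (no-reference)
   slot, MAX_REF_FRAMES is the size of the per-reference table. */
enum { INTRA_FRAME = 0, LAST_FRAME = 1, GOLDEN_FRAME = 2, ALTREF_FRAME = 3, MAX_REF_FRAMES = 4 };

#define PLANE_BYTES 16   /* toy plane size; real frames are far larger */

/* Simplified stand-in for a decoded frame (one tiny luma plane). */
typedef struct { uint8_t y[PLANE_BYTES]; } frame_buf;

/* Simplified stand-in for the decoder's base-pointer table:
   ref_buffer[ref_frame][plane]; plane 0 is Y. */
typedef struct { uint8_t *ref_buffer[MAX_REF_FRAMES][3]; } decoder_state;

static frame_buf g_frames[MAX_REF_FRAMES];   /* constructed sample frames */
static decoder_state g_state;

/* Give each sample frame a recognisable pattern: byte j of frame i is i*16+j. */
static void fill_sample_frames(void) {
    for (int i = 0; i < MAX_REF_FRAMES; i++)
        for (int j = 0; j < PLANE_BYTES; j++)
            g_frames[i].y[j] = (uint8_t)(i * PLANE_BYTES + j);
}

/* Build the table with the loop starting at index `first`. The loop in the
   report starts at 1 and leaves slot 0 untouched; here the table is zeroed
   first so an unset slot reads as NULL instead of whatever was on the stack,
   turning a silent bad read into a deterministic, checkable failure. */
static void init_ref_table(decoder_state *st, frame_buf *frames, int first) {
    memset(st, 0, sizeof *st);            /* every slot starts as NULL */
    for (int i = first; i < MAX_REF_FRAMES; i++)
        st->ref_buffer[i][0] = frames[i].y;   /* U/V planes not modelled here */
}

/* Count reference slots whose Y pointer was never set. */
int count_unset(const decoder_state *st) {
    int n = 0;
    for (int i = 0; i < MAX_REF_FRAMES; i++)
        if (st->ref_buffer[i][0] == NULL) n++;
    return n;
}

/* Rebuild the global table with the loop starting at `first` and report how
   many slots are left unset: 1 for the report's loop, 0 when it starts at 0. */
int unset_slots_when_loop_starts_at(int first) {
    fill_sample_frames();
    init_ref_table(&g_state, g_frames, first);
    return count_unset(&g_state);
}

/* Use-site check for the address the report's read computes
   (ref_buffer[ref_frame][0] + recon_yoffset): only for a valid, initialised
   inter reference and an in-range offset, NULL otherwise. An intra macroblock
   (ref_frame == 0) has no reference buffer, so index 0 is rejected outright. */
const uint8_t *ref_plane(const decoder_state *st, int ref_frame, int recon_yoffset) {
    if (ref_frame <= INTRA_FRAME || ref_frame >= MAX_REF_FRAMES) return NULL;
    if (st->ref_buffer[ref_frame][0] == NULL) return NULL;      /* slot never set */
    if (recon_yoffset < 0 || recon_yoffset >= PLANE_BYTES) return NULL;
    return st->ref_buffer[ref_frame][0] + recon_yoffset;
}

int main(void) {
    printf("loop from 1: %d unset slot(s)\n", unset_slots_when_loop_starts_at(1));
    printf("loop from 0: %d unset slot(s)\n", unset_slots_when_loop_starts_at(0));
    const uint8_t *p = ref_plane(&g_state, LAST_FRAME, 5);
    printf("LAST_FRAME + 5 -> %d\n", p ? *p : -1);
    printf("INTRA_FRAME    -> %s\n", ref_plane(&g_state, INTRA_FRAME, 0) ? "pointer" : "rejected");
    return 0;
}
```

Zeroing the table answers the first half of the question (no slot is ever uninitialized), while `ref_plane` answers the second (an intra macroblock never needs a reference, so index 0 is refused regardless of what the table holds). Running the real decoder under MemorySanitizer or Valgrind on the file named in the report is the way to confirm which of the two the actual read path needs.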

GoogleCodeExporter commented 8 years ago
proposing a fix at upstream here: 
https://gerrit.chromium.org/gerrit/#/c/69790/

Original comment by ya...@google.com on 16 Apr 2014 at 7:26