This fixes a crash if the application continues to call
vpx_codec_decode().
Found with vpx_dec_fuzzer_vp8 & Nallocfuzz
(https://github.com/catenacyber/nallocfuzz).
Bug: webm:1807
Change-Id: I9867f5fc3d1163026f521a9609d3cbbc00568d1d
}
res = vp8_create_decoder_instances(&ctx->yv12_frame_buffers, &oxcf);
- if (res == VPX_CODEC_OK) ctx->decoder_init = 1;
+ if (res == VPX_CODEC_OK) {
+ ctx->decoder_init = 1;
+ } else {
+ /* on failure clear the cached resolution to ensure a full
+ * reallocation is attempted on resync. */
+ ctx->si.w = 0;
+ ctx->si.h = 0;
+ }
}
/* Set these even if already initialized. The caller may have changed the
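Review bot: The comment in the new `else` branch says why `ctx->si.w` and `ctx->si.h` are zeroed but not which code reads them, so the link between this reset and the crash stays implicit. The check that turns a changed resolution into a reallocation is outside this hunk, presumably later in the same decode function. Naming it in the comment would help, for example `/* decoder_init stays 0; zero the cached size so the next decode call is treated as a resolution change and reallocates. */`, with the wording confirmed against that code. The failure was found with allocation-failure injection, so a regression test that makes `vp8_create_decoder_instances()` fail once and then calls `vpx_codec_decode()` again would keep this path covered. The enclosing function starts and ends outside the hunk.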