Check fragments count before use

author Jerome Jiang <jianj@google.com>

Fri, 3 Nov 2023 19:22:04 +0000 (15:22 -0400)

committer Jerome Jiang <jianj@google.com>

Fri, 3 Nov 2023 20:24:46 +0000 (16:24 -0400)
author Jerome Jiang <jianj@google.com>
Fri, 3 Nov 2023 19:22:04 +0000 (15:22 -0400)
committer Jerome Jiang <jianj@google.com>
Fri, 3 Nov 2023 20:24:46 +0000 (16:24 -0400)
diff --git a/vp8/vp8_dx_iface.c b/vp8/vp8_dx_iface.c

index 9e622e3..d4e06a7 100644 (file)
--- a/vp8/vp8_dx_iface.c
+++ b/vp8/vp8_dx_iface.c
@@ -249,14 +249,14 @@ static int update_fragments(vpx_codec_alg_priv_t *ctx, const uint8_t *data,
      /* Store a pointer to this fragment and return. We haven't
       * received the complete frame yet, so we will wait with decoding.
       */
-    ctx->fragments.ptrs[ctx->fragments.count] = data;
-    ctx->fragments.sizes[ctx->fragments.count] = data_sz;
-    ctx->fragments.count++;
-    if (ctx->fragments.count > (1 << EIGHT_PARTITION) + 1) {
+    if (ctx->fragments.count >= MAX_PARTITIONS) {
        ctx->fragments.count = 0;
        *res = VPX_CODEC_INVALID_PARAM;
        return -1;
      }
+    ctx->fragments.ptrs[ctx->fragments.count] = data;
+    ctx->fragments.sizes[ctx->fragments.count] = data_sz;
+    ctx->fragments.count++;
      return 0;
    }
author	Jerome Jiang <jianj@google.com>
	Fri, 3 Nov 2023 19:22:04 +0000 (15:22 -0400)
committer	Jerome Jiang <jianj@google.com>
	Fri, 3 Nov 2023 20:24:46 +0000 (16:24 -0400)