From 99230aeb0526e13056d8392ba91b1a73c3caabe6 Mon Sep 17 00:00:00 2001 From: Yaowu Xu Date: Wed, 16 Apr 2014 12:22:49 -0700 Subject: [PATCH] Prevent reading of uninitialized value This commit added a check of reference frame to make sure that pre buffer pointers are initialized only when necessary and make them to 0 if ref frame is intra, hence those buffer should never be used. Change-Id: Ieb474fcd9feb759f02e2f9c282b7348a8fa31117 --- vp8/decoder/decodeframe.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/vp8/decoder/decodeframe.c b/vp8/decoder/decodeframe.c index bfde599..14f611a 100644 --- a/vp8/decoder/decodeframe.c +++ b/vp8/decoder/decodeframe.c @@ -631,9 +631,17 @@ static void decode_mb_rows(VP8D_COMP *pbi) xd->dst.u_buffer = dst_buffer[1] + recon_uvoffset; xd->dst.v_buffer = dst_buffer[2] + recon_uvoffset; - xd->pre.y_buffer = ref_buffer[xd->mode_info_context->mbmi.ref_frame][0] + recon_yoffset; - xd->pre.u_buffer = ref_buffer[xd->mode_info_context->mbmi.ref_frame][1] + recon_uvoffset; - xd->pre.v_buffer = ref_buffer[xd->mode_info_context->mbmi.ref_frame][2] + recon_uvoffset; + if (xd->mode_info_context->mbmi.ref_frame >= LAST_FRAME) { + MV_REFERENCE_FRAME ref = xd->mode_info_context->mbmi.ref_frame; + xd->pre.y_buffer = ref_buffer[ref][0] + recon_yoffset; + xd->pre.u_buffer = ref_buffer[ref][1] + recon_uvoffset; + xd->pre.v_buffer = ref_buffer[ref][2] + recon_uvoffset; + } else { + // ref_frame is INTRA_FRAME, pre buffer should not be used. + xd->pre.y_buffer = 0; + xd->pre.u_buffer = 0; + xd->pre.v_buffer = 0; + } /* propagate errors from reference frames */ xd->corrupted |= ref_fb_corrupted[xd->mode_info_context->mbmi.ref_frame]; -- 2.7.4