commit 2ffc45a464712cc0365d50f286ae8588ebe8c3bf
author Yamzala Bhanu Chander <bhanu@hi-p.com> Fri Oct 14 11:05:47 2016 +0800
committer Gerrit Code Review <codereview@hi-p.com> Fri Oct 14 11:05:47 2016 +0800
tree f5ac6c7e0ef4205db5723e398921315a770a834c
parent f8cc75954d5d485bcce13c4bcfb13982de144695
parent da0a99f0094b3f41d0d78e1dfd62b07f2bb94766

Merge "FPII-2476 :Denial of service vulnerability in Mediaserver CVE-2016-6712 A-30593752" into fp/fp2_5.1_int

libvpx/vp8/vp8_dx_iface.c

diff --git a/libvpx/vp8/vp8_dx_iface.c b/libvpx/vp8/vp8_dx_iface.c
index 72e4770..e0bccc6 100644
--- a/libvpx/vp8/vp8_dx_iface.c
+++ b/libvpx/vp8/vp8_dx_iface.c
@@ -198,8 +198,8 @@
             si->h = (clear[8] | (clear[9] << 8)) & 0x3fff;
 
             /*printf("w=%d, h=%d\n", si->w, si->h);*/
-            if (!(si->h | si->w))
-                res = VPX_CODEC_UNSUP_BITSTREAM;
+            if (!(si->h && si->w))
+                res = VPX_CODEC_CORRUPT_FRAME;
         }
         else
         {
@@ -421,6 +421,10 @@
                 if (setjmp(pbi->common.error.jmp))
                 {
                     pbi->common.error.setjmp = 0;
+                /* on failure clear the cached resolution to ensure a full
+                * reallocation is attempted on resync. */
+                     ctx->si.w = 0;
+                     ctx->si.h = 0;
                     vp8_clear_system_state();
                     /* same return value as used in vp8dx_receive_compressed_data */
                     return -1;