Overview

File CVE-2020-0034.patch of Package libvpx.22230

--- a/vp8/decoder/decodframe.c.orig	2021-12-15 09:36:40.224483998 +0100
+++ b/vp8/decoder/decodframe.c	2021-12-15 09:38:19.976601085 +0100
@@ -1049,7 +1049,7 @@
             /* When error concealment is enabled we should only check the sync
              * code if we have enough bits available
              */
-            if (!pbi->ec_active || data + 3 < data_end)
+            if (data + 3 < data_end)
             {
                 if (clear[0] != 0x9d || clear[1] != 0x01 || clear[2] != 0x2a)
                     vpx_internal_error(&pc->error, VPX_CODEC_UNSUP_BITSTREAM,
@@ -1060,14 +1060,20 @@
              * if we have enough data. Otherwise we will end up with the wrong
              * size.
              */
-            if (!pbi->ec_active || data + 6 < data_end)
+            if (data + 6 < data_end)
             {
                 pc->Width = (clear[3] | (clear[4] << 8)) & 0x3fff;
                 pc->horiz_scale = clear[4] >> 6;
                 pc->Height = (clear[5] | (clear[6] << 8)) & 0x3fff;
                 pc->vert_scale = clear[6] >> 6;
+                data += 7;
+            } else if (!pbi->ec_active) {
+              vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
+                                 "Truncated key frame header");
+            } else {
+              /* Error concealment is active, clear the frame. */
+              data = data_end;
             }
-            data += 7;
             clear += 7;
         }
         else
openSUSE Build Service is sponsored by
Places