aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHarish Mahendrakar <harish.mahendrakar@ittiam.com>2020-12-02 11:54:47 -0800
committerHuizi Yang <yanghuiz@google.com>2020-12-09 15:54:19 -0800
commita6e59d07c01baeac2cd67f5e783d606fd438dd20 (patch)
tree3a9d1df83a23bd098a00a544df7967e596509b75
parentc6db62de7efb4f245e687b19749153ff56773f69 (diff)
downloadlibavc-android-security-10.0.0_r52.tar.gz
decoder: Update check for first mb in sliceandroid-security-10.0.0_r54android-security-10.0.0_r53android-security-10.0.0_r52android-security-10.0.0_r51
first_mb_in_slice shouldn't be >= mbs in the picture. Test: poc in bugs Bug: b/174238784 Bug: b/174507022 Bug: oss-fuzz:27856 Bug: oss-fuzz:28039 Change-Id: Id3a41c8c2ddf814910fc2d5dd4f57bdd84d28fec (cherry picked from commit 7e06940dce7245f03fd950edf7f72ff321b2b451)
Diffstat
-rw-r--r--decoder/ih264d_parse_slice.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c
index 8d50f9a..3ae206b 100644
--- a/decoder/ih264d_parse_slice.c
+++ b/decoder/ih264d_parse_slice.c
@@ -1093,7 +1093,7 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice,
u2_first_mb_in_slice = ih264d_uev(pu4_bitstrm_ofst,
pu4_bitstrm_buf);
if(u2_first_mb_in_slice
- > (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs))
+ >= (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs))
{
return ERROR_CORRUPTED_SLICE;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 05:31:49 +0000