diff options
author | Harish Mahendrakar <harish.mahendrakar@ittiam.com> | 2020-12-02 11:54:47 -0800 |
---|---|---|
committer | Huizi Yang <yanghuiz@google.com> | 2020-12-09 15:54:19 -0800 |
commit | a6e59d07c01baeac2cd67f5e783d606fd438dd20 (patch) | |
tree | 3a9d1df83a23bd098a00a544df7967e596509b75 | |
parent | c6db62de7efb4f245e687b19749153ff56773f69 (diff) | |
download | libavc-android-security-10.0.0_r52.tar.gz |
decoder: Update check for first mb in sliceandroid-security-10.0.0_r54android-security-10.0.0_r53android-security-10.0.0_r52android-security-10.0.0_r51
first_mb_in_slice shouldn't be >= mbs in the picture.
Test: poc in bugs
Bug: b/174238784
Bug: b/174507022
Bug: oss-fuzz:27856
Bug: oss-fuzz:28039
Change-Id: Id3a41c8c2ddf814910fc2d5dd4f57bdd84d28fec
(cherry picked from commit 7e06940dce7245f03fd950edf7f72ff321b2b451)
-rw-r--r-- | decoder/ih264d_parse_slice.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c index 8d50f9a..3ae206b 100644 --- a/decoder/ih264d_parse_slice.c +++ b/decoder/ih264d_parse_slice.c @@ -1093,7 +1093,7 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice, u2_first_mb_in_slice = ih264d_uev(pu4_bitstrm_ofst, pu4_bitstrm_buf); if(u2_first_mb_in_slice - > (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)) + >= (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)) { return ERROR_CORRUPTED_SLICE; |