decoder: Update check for first mb in sliceandroid-security-8.1.0_r88 android-security-8.1.0_r87 android-security-8.1.0_r86 android-security-8.1.0_r85

first_mb_in_slice shouldn't be >= mbs in the picture. Test: poc in bugs Bug: b/174238784 Bug: b/174507022 Bug: oss-fuzz:27856 Bug: oss-fuzz:28039 Change-Id: Id3a41c8c2ddf814910fc2d5dd4f57bdd84d28fec (cherry picked from commit 7e06940dce7245f03fd950edf7f72ff321b2b451)
author: Harish Mahendrakar <harish.mahendrakar@ittiam.com> 2020-12-02 11:54:47 -0800
committer: Huizi Yang <yanghuiz@google.com> 2020-12-09 15:51:02 -0800
commit: 57d350fd155ee5c5017127577bc2e88fa1812203 (patch)
tree: 6cbff8ce3a5e20e57303083d35372adcfc3b2eb7
parent: ddeb73eb1fbca3ff23501797426625180db977b8 (diff)
download: libavc-57d350fd155ee5c5017127577bc2e88fa1812203.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c
index b477c10..cf2dda9 100644
--- a/decoder/ih264d_parse_slice.c
+++ b/decoder/ih264d_parse_slice.c
@@ -1090,7 +1090,7 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice,
     u2_first_mb_in_slice = ih264d_uev(pu4_bitstrm_ofst,
                                      pu4_bitstrm_buf);
     if(u2_first_mb_in_slice
-                    > (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs))
+                    >= (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs))
     {
 
         return ERROR_CORRUPTED_SLICE;
author	Harish Mahendrakar <harish.mahendrakar@ittiam.com>	2020-12-02 11:54:47 -0800
committer	Huizi Yang <yanghuiz@google.com>	2020-12-09 15:51:02 -0800
commit	57d350fd155ee5c5017127577bc2e88fa1812203 (patch)
tree	6cbff8ce3a5e20e57303083d35372adcfc3b2eb7
parent	ddeb73eb1fbca3ff23501797426625180db977b8 (diff)
download	libavc-57d350fd155ee5c5017127577bc2e88fa1812203.tar.gz