diff options
author | Harish Mahendrakar <harish.mahendrakar@ittiam.com> | 2020-12-02 11:54:47 -0800 |
---|---|---|
committer | Huizi Yang <yanghuiz@google.com> | 2020-12-09 15:51:02 -0800 |
commit | 57d350fd155ee5c5017127577bc2e88fa1812203 (patch) | |
tree | 6cbff8ce3a5e20e57303083d35372adcfc3b2eb7 | |
parent | ddeb73eb1fbca3ff23501797426625180db977b8 (diff) | |
download | libavc-57d350fd155ee5c5017127577bc2e88fa1812203.tar.gz |
decoder: Update check for first mb in sliceandroid-security-8.1.0_r88android-security-8.1.0_r87android-security-8.1.0_r86android-security-8.1.0_r85
first_mb_in_slice shouldn't be >= mbs in the picture.
Test: poc in bugs
Bug: b/174238784
Bug: b/174507022
Bug: oss-fuzz:27856
Bug: oss-fuzz:28039
Change-Id: Id3a41c8c2ddf814910fc2d5dd4f57bdd84d28fec
(cherry picked from commit 7e06940dce7245f03fd950edf7f72ff321b2b451)
-rw-r--r-- | decoder/ih264d_parse_slice.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c index b477c10..cf2dda9 100644 --- a/decoder/ih264d_parse_slice.c +++ b/decoder/ih264d_parse_slice.c @@ -1090,7 +1090,7 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice, u2_first_mb_in_slice = ih264d_uev(pu4_bitstrm_ofst, pu4_bitstrm_buf); if(u2_first_mb_in_slice - > (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)) + >= (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)) { return ERROR_CORRUPTED_SLICE; |