From 62f98981ffc29082dd4bbf173a043a5bcbb86652 Mon Sep 17 00:00:00 2001 From: Hamsalekha S Date: Wed, 10 May 2017 14:23:48 +0530 Subject: [PATCH] Decoder: Added an error check while parsing PPS. Added an error check while parsing PPS syntax element second_chroma_qp_index_offset. Bug: 37207120 Change-Id: Icba6b7bcf5940505717ee61134ed801c221b6e26 --- decoder/ih264d_parse_headers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/decoder/ih264d_parse_headers.c b/decoder/ih264d_parse_headers.c index a398658..389bb3c 100644 --- a/decoder/ih264d_parse_headers.c +++ b/decoder/ih264d_parse_headers.c @@ -361,11 +361,13 @@ WORD32 ih264d_parse_pps(dec_struct_t * ps_dec, dec_bit_stream_t * ps_bitstrm) } /* read second_chroma_qp_index_offset syntax element */ - ps_pps->i1_second_chroma_qp_index_offset = ih264d_sev( + i_temp = ih264d_sev( pu4_bitstrm_ofst, pu4_bitstrm_buf); - if((ps_pps->i1_second_chroma_qp_index_offset + 12) > 24) + if((i_temp < -12) || (i_temp > 12)) return ERROR_INV_RANGE_QP_T; + + ps_pps->i1_second_chroma_qp_index_offset = i_temp; } /* In case bitstream read has exceeded the filled size, then