From 7e06940dce7245f03fd950edf7f72ff321b2b451 Mon Sep 17 00:00:00 2001 From: Harish Mahendrakar Date: Wed, 2 Dec 2020 11:54:47 -0800 Subject: [PATCH] decoder: Update check for first mb in slice first_mb_in_slice shouldn't be >= mbs in the picture. Test: poc in bugs Bug: b/174238784 Bug: b/174507022 Bug: oss-fuzz:27856 Bug: oss-fuzz:28039 Change-Id: Id3a41c8c2ddf814910fc2d5dd4f57bdd84d28fec --- decoder/ih264d_parse_slice.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/decoder/ih264d_parse_slice.c b/decoder/ih264d_parse_slice.c index b477c10..cf2dda9 100644 --- a/decoder/ih264d_parse_slice.c +++ b/decoder/ih264d_parse_slice.c @@ -1090,7 +1090,7 @@ WORD32 ih264d_parse_decode_slice(UWORD8 u1_is_idr_slice, u2_first_mb_in_slice = ih264d_uev(pu4_bitstrm_ofst, pu4_bitstrm_buf); if(u2_first_mb_in_slice - > (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)) + >= (ps_dec->u2_frm_ht_in_mbs * ps_dec->u2_frm_wd_in_mbs)) { return ERROR_CORRUPTED_SLICE;