summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNaveen Kumar P <naveenkumar.p@ittiam.com>2017-05-17 14:07:54 +0530
committerIvan Kutepov <its.kutepov@gmail.com>2017-09-14 23:54:10 +0300
commit6b0ac936a7170fb501ba82ebc37c523c427cd69d (patch)
treed3db99c1370f550cce2c6237472fe8ab908aa626
parenteda594771625201c51ca79d2dfec154d3c69ac1f (diff)
downloadandroid_external_libhevc-6b0ac936a7170fb501ba82ebc37c523c427cd69d.tar.gz
android_external_libhevc-6b0ac936a7170fb501ba82ebc37c523c427cd69d.tar.bz2
android_external_libhevc-6b0ac936a7170fb501ba82ebc37c523c427cd69d.zip
Return error for invalid crop parameters
Test: run poc with and without the patch Bug: 62214264 Change-Id: If627ee9a8f0dbd65963897966e1c2d39f5fbd428 (cherry picked from commit e8c26c16d78c5accec081c8f4516918eee679c4c) CVE-2017-0762
-rw-r--r--decoder/ihevcd_parse_headers.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/decoder/ihevcd_parse_headers.c b/decoder/ihevcd_parse_headers.c
index d78b950..a33a382 100644
--- a/decoder/ihevcd_parse_headers.c
+++ b/decoder/ihevcd_parse_headers.c
@@ -1283,15 +1283,31 @@ IHEVCD_ERROR_T ihevcd_parse_sps(codec_t *ps_codec)
{
UEV_PARSE("pic_crop_left_offset", value, ps_bitstrm);
+ if (value >= ps_sps->i2_pic_width_in_luma_samples)
+ {
+ return IHEVCD_INVALID_PARAMETER;
+ }
ps_sps->i2_pic_crop_left_offset = value;
UEV_PARSE("pic_crop_right_offset", value, ps_bitstrm);
+ if (value >= ps_sps->i2_pic_width_in_luma_samples)
+ {
+ return IHEVCD_INVALID_PARAMETER;
+ }
ps_sps->i2_pic_crop_right_offset = value;
UEV_PARSE("pic_crop_top_offset", value, ps_bitstrm);
+ if (value >= ps_sps->i2_pic_height_in_luma_samples)
+ {
+ return IHEVCD_INVALID_PARAMETER;
+ }
ps_sps->i2_pic_crop_top_offset = value;
UEV_PARSE("pic_crop_bottom_offset", value, ps_bitstrm);
+ if (value >= ps_sps->i2_pic_height_in_luma_samples)
+ {
+ return IHEVCD_INVALID_PARAMETER;
+ }
ps_sps->i2_pic_crop_bottom_offset = value;
}
else