summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--decoder/ih264d_parse_headers.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/decoder/ih264d_parse_headers.c b/decoder/ih264d_parse_headers.c
index 35c3a16..21ebfa8 100644
--- a/decoder/ih264d_parse_headers.c
+++ b/decoder/ih264d_parse_headers.c
@@ -368,6 +368,12 @@ WORD32 ih264d_parse_pps(dec_struct_t * ps_dec, dec_bit_stream_t * ps_bitstrm)
return ERROR_INV_RANGE_QP_T;
}
+ /* In case bitstream read has exceeded the filled size, then
+ return an error */
+ if(ps_bitstrm->u4_ofst > ps_bitstrm->u4_max_ofst + 8)
+ {
+ return ERROR_INV_SPS_PPS_T;
+ }
ps_pps->u1_is_valid = TRUE;
ps_dec->ps_pps[ps_pps->u1_pic_parameter_set_id] = *ps_pps;
return OK;
@@ -937,8 +943,6 @@ WORD32 ih264d_parse_sps(dec_struct_t *ps_dec, dec_bit_stream_t *ps_bitstrm)
}
- ps_seq->u1_is_valid = TRUE;
-
if(1 == ps_seq->u1_vui_parameters_present_flag)
{
ret = ih264d_parse_vui_parametres(&ps_seq->s_vui, ps_bitstrm);
@@ -1002,6 +1006,13 @@ WORD32 ih264d_parse_sps(dec_struct_t *ps_dec, dec_bit_stream_t *ps_bitstrm)
ps_dec->u2_crop_offset_y = u2_crop_offset_y;
ps_dec->u2_crop_offset_uv = u2_crop_offset_uv;
+ /* In case bitstream read has exceeded the filled size, then
+ return an error */
+ if(ps_bitstrm->u4_ofst > ps_bitstrm->u4_max_ofst)
+ {
+ return ERROR_INV_SPS_PPS_T;
+ }
+ ps_seq->u1_is_valid = TRUE;
ps_dec->ps_sps[u1_seq_parameter_set_id] = *ps_seq;
return OK;
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 16:56:40 +0000