svcdec: Bug fix in header parsing w.r.t u1_extended_spatial_scalability_idc
BUG=oss-fuzz: 56176
Test: svc_dec_fuzzer
diff --git a/decoder/svc/isvcd_mode_mv_resamp.c b/decoder/svc/isvcd_mode_mv_resamp.c
index 49adebc..322dbec 100644
--- a/decoder/svc/isvcd_mode_mv_resamp.c
+++ b/decoder/svc/isvcd_mode_mv_resamp.c
@@ -3024,8 +3024,8 @@
i4_scaled_ref_lyr_height;
/* calcualte the values to be added based on left and top offset */
- i4_scale_add_x = (1 << (i4_shift_x - 1)) - i4_offset_x * i4_scale_x;
- i4_scale_add_y = (1 << (i4_shift_y - 1)) - i4_offset_y * i4_scale_y;
+ i4_scale_add_x = (1 << (i4_shift_x - 1)) - (i4_offset_x * (WORD32) i4_scale_x);
+ i4_scale_add_y = (1 << (i4_shift_y - 1)) - (i4_offset_y * (WORD32) i4_scale_y);
/* derive the projected locations in the reference layer */
for(i4_cntr = 0; i4_cntr < i4_curr_lyr_width; i4_cntr++)
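Review bot: The added `(WORD32)` casts on `i4_scale_x` and `i4_scale_y` turn both products into signed multiplications, and signed overflow is undefined behaviour in C, so large offset or scale values derived from the bitstream can still overflow here. The declarations are outside the hunk, so the operand types are inferred from the cast itself. Consider doing the multiply in a 64-bit intermediate and rejecting the layer when the result does not fit in 32 bits, or bounding the offsets where they are parsed. On the same two lines, `1 << (i4_shift_x - 1)` is only defined when the shift count is in 0..30, so a short comment naming where that range is enforced would help the next reader.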
diff --git a/decoder/svc/isvcd_nal_parse_structs.h b/decoder/svc/isvcd_nal_parse_structs.h
index fb1cb61..890ff29 100644
--- a/decoder/svc/isvcd_nal_parse_structs.h
+++ b/decoder/svc/isvcd_nal_parse_structs.h
@@ -97,7 +97,10 @@
pu1_buf_ptr += u4_inc;
/* Update the pointers */
+ if(*pu4_bytes_left >= u4_inc)
+ {
*pu4_bytes_left -= u4_inc;
+ }
*ppu1_buf = pu1_buf_ptr;
}
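Review bot: The new guard stops `*pu4_bytes_left` from wrapping, but `pu1_buf_ptr += u4_inc;` on the context line above still runs unconditionally and the advanced pointer is stored in `*ppu1_buf`. When `u4_inc` exceeds the bytes left, the pointer ends up past the end of the buffer while the count stays at its old non-zero value, so a later caller that trusts the count can read out of bounds. Clamping before the advance keeps the two in step, e.g. `if(u4_inc > *pu4_bytes_left) u4_inc = *pu4_bytes_left;` placed ahead of the pointer update, after which the subtraction needs no guard. The function starts outside the hunk, so whether callers already bound `u4_inc` cannot be seen from here.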
diff --git a/decoder/svc/isvcd_parse_headers.c b/decoder/svc/isvcd_parse_headers.c
index 6c3e9fb..b549f4c 100644
--- a/decoder/svc/isvcd_parse_headers.c
+++ b/decoder/svc/isvcd_parse_headers.c
@@ -603,7 +603,8 @@
COPYTHECONTEXT("SPS_EXt: u1_extended_spatial_scalability_idc",
ps_seq_svc_ext->u1_extended_spatial_scalability_idc);
- if(ps_seq_svc_ext->u1_extended_spatial_scalability_idc >= 3)
+ /* u1_extended_spatial_scalability_idc value 0 is supported*/
+ if(ps_seq_svc_ext->u1_extended_spatial_scalability_idc != 0)
{
return ERROR_SVC_INV_SUBSET_SPS;
}
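Review bot: The added comment says value 0 "is supported", but the check now rejects every other value, including 1 and 2, which the old `>= 3` test let through. Say that explicitly and give the reason, for example `/* Only u1_extended_spatial_scalability_idc == 0 is supported by this decoder; 1 and 2 are rejected along with out-of-range values */`. If the decoder really never handles non-zero values, any remaining code that branches on this field is now unreachable and should be checked or removed in a follow-up. The enclosing parse function starts and ends outside the hunk.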