Fix OOB issue in nal unit parsing
Bug: 37712181
Test: ran patched against POC on nyc-mr2
Change-Id: I5408b3afd898db99265f94573d1163ef83c9b99c
(cherry picked from commit 62ebc3276199bef53c4b87cfcd8c8586af255fee)
diff --git a/decoder/ihevcd_nal.c b/decoder/ihevcd_nal.c
index bee399f..cc4a27f 100644
--- a/decoder/ihevcd_nal.c
+++ b/decoder/ihevcd_nal.c
@@ -114,7 +114,8 @@
}
zero_byte_cnt++;
- if((pu1_buf[ofst + 1] == START_CODE_PREFIX_BYTE) &&
+ if((ofst < (bytes_remaining - 1)) &&
+ (pu1_buf[ofst + 1] == START_CODE_PREFIX_BYTE) &&
(zero_byte_cnt >= NUM_ZEROS_BEFORE_START_CODE))
{
/* Found the start code */
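Review bot: The added guard `ofst < (bytes_remaining - 1)` in front of the `pu1_buf[ofst + 1]` peek is only safe if `bytes_remaining` is a signed type. Its declaration is outside the hunk; if it is unsigned, a zero-length buffer makes `bytes_remaining - 1` wrap and the guard always passes. Writing the test as `((ofst + 1) < bytes_remaining)` avoids the subtraction and names the index that is actually dereferenced. A short comment such as `/* look-ahead byte must lie inside the buffer */` would record why the check is there. The enclosing loop starts and ends outside the hunk.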
@@ -123,7 +124,7 @@
break;
}
}
- if(0 == start_code_found)
+ if((0 == start_code_found) && (ofst < bytes_remaining))
{
if((START_CODE_PREFIX_BYTE == pu1_buf[ofst]) &&
(zero_byte_cnt >= NUM_ZEROS_BEFORE_START_CODE))
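Review bot: The new condition bounds `ofst` only from above, so a negative `ofst` would still reach the `pu1_buf[ofst]` read on the next line. The initial value of `ofst` is set outside the hunk. If it starts negative and the loop above is never entered (an empty buffer, for instance), `ofst < bytes_remaining` holds and the read lands before the start of the buffer. Adding the lower bound closes that case: `if((0 == start_code_found) && (ofst >= 0) && (ofst < bytes_remaining))`.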
@@ -231,7 +232,7 @@
}
- if(0 == start_code_found)
+ if((0 == start_code_found) && (src_cnt < bytes_remaining))
{
u1_src = pu1_src[src_cnt++];
if(zero_byte_cnt >= NUM_ZEROS_BEFORE_START_CODE)
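Review bot: The guard `src_cnt < bytes_remaining` covers only the first read in this block, `pu1_src[src_cnt++]`. After that increment `src_cnt` may equal `bytes_remaining`. The rest of the block lies outside the hunk, so any later `pu1_src[src_cnt]` access in it, and any look-ahead read in the loop that precedes this `if`, should be confirmed to carry its own bound. A comment on the condition, for example `/* nothing left to read once src_cnt reaches bytes_remaining */`, would make the invariant explicit for the next change to this function.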