Fix heap buffer overflow while searching for valid PPS
Bug: 37094889
Test: Tested POC on ASAN build
Change-Id: Id4e52cd10a4d5eac015efe4b752162dc39cc30b8
(cherry picked from commit 520465122804c4022edd0c8c3c54a93fb4cba613)
diff --git a/decoder/ihevcd_parse_slice_header.c b/decoder/ihevcd_parse_slice_header.c
index a68db25..e1b50b7 100644
--- a/decoder/ihevcd_parse_slice_header.c
+++ b/decoder/ihevcd_parse_slice_header.c
@@ -257,10 +257,11 @@
{
pps_t *ps_pps_ref = ps_codec->ps_pps_base;
while(0 == ps_pps_ref->i1_pps_valid)
+ {
ps_pps_ref++;
-
- if((ps_pps_ref - ps_codec->ps_pps_base >= MAX_PPS_CNT - 1))
- return IHEVCD_INVALID_HEADER;
+ if((ps_pps_ref - ps_codec->ps_pps_base >= MAX_PPS_CNT - 1))
+ return IHEVCD_INVALID_HEADER;
+ }
ihevcd_copy_pps(ps_codec, pps_id, ps_pps_ref->i1_pps_id);
}