Google Git
Sign in
android/platform/external/libmpeg2/baee958^!/.
commit
baee95878bdee51dbbc7d575d4de50c6fcabbcab
[log]
author
Venkatarama Avadhani <venkatarama.avadhani@ittiam.com>
Tue Jun 27 11:55:32 2017 +0530
committer
android-build-team Robot <android-build-team-robot@google.com>
Thu Sep 28 00:05:09 2017 +0000
tree
c97a5b7af030fab2ef40b9f7897ef7eb0e5a0ec7
parent
d9eb6d7808ae777c3dabd328de3c0e34dd88ff55 [diff]
Check Number of MBs to Skip.

The number of skip mbs was parsed as 0 and impeg2d_dec_skip_mbs was getting
called with a large number because of underflow.
Added a check for the same

Bug: 63125953
Test: run PoC on ASAN-enabled mpeg2dec before/after
Change-Id: I07f43c1745e38e800751997e97d44d2bab0615a8
(cherry picked from commit 89b4c1cf9e2d18c27c2d9c8c7504e5e2d79ef289)

diff --git a/decoder/impeg2d_pnb_pic.c b/decoder/impeg2d_pnb_pic.c
index 69277e5..570f0d2 100644
--- a/decoder/impeg2d_pnb_pic.c
+++ b/decoder/impeg2d_pnb_pic.c

@@ -77,6 +77,12 @@
     else
     {
         u2_mb_addr_incr = impeg2d_get_mb_addr_incr(ps_stream);
+
+        if(!u2_mb_addr_incr)
+        {
+            return IV_FAIL;
+        }
+
         if(0 == ps_dec->u2_first_mb)
         {
             /****************************************************************/