Added error check while parsing scaling_list
Test: poc in bug
Bug: 134405507
Change-Id: Ic3289a4fb1652dd35be5e2b59dbc41f2c888786f
diff --git a/common/ih264_defs.h b/common/ih264_defs.h
index b26a5a4..e99652d 100644
--- a/common/ih264_defs.h
+++ b/common/ih264_defs.h
@@ -611,6 +611,16 @@
#define MAX_H264_QP 51
/**
+ * @brief Minimum delta scale supported in H264 spec
+ */
+#define MIN_H264_DELTA_SCALE (-128)
+
+/**
+ * @brief Maximum delta scale supported in H264 spec
+ */
+#define MAX_H264_DELTA_SCALE 127
+
+/**
* @breif Total number of transform sizes
* used for sizeID while getting scale matrix
*/
diff --git a/decoder/ih264d_parse_headers.c b/decoder/ih264d_parse_headers.c
index 03b423c..338b200 100644
--- a/decoder/ih264d_parse_headers.c
+++ b/decoder/ih264d_parse_headers.c
@@ -348,9 +348,10 @@
if(ps_pps->u1_pic_scaling_list_present_flag[i4_i])
{
+ WORD32 ret;
if(i4_i < 6)
{
- ih264d_scaling_list(
+ ret = ih264d_scaling_list(
ps_pps->i2_pic_scalinglist4x4[i4_i],
16,
&ps_pps->u1_pic_use_default_scaling_matrix_flag[i4_i],
@@ -358,12 +359,17 @@
}
else
{
- ih264d_scaling_list(
+ ret = ih264d_scaling_list(
ps_pps->i2_pic_scalinglist8x8[i4_i - 6],
64,
&ps_pps->u1_pic_use_default_scaling_matrix_flag[i4_i],
ps_bitstrm);
}
+
+ if(ret != OK)
+ {
+ return ret;
+ }
}
}
}
@@ -663,7 +669,7 @@
{
if(i4_i < 6)
{
- ih264d_scaling_list(
+ ret = ih264d_scaling_list(
ps_seq->i2_scalinglist4x4[i4_i],
16,
&ps_seq->u1_use_default_scaling_matrix_flag[i4_i],
@@ -671,12 +677,16 @@
}
else
{
- ih264d_scaling_list(
+ ret = ih264d_scaling_list(
ps_seq->i2_scalinglist8x8[i4_i - 6],
64,
&ps_seq->u1_use_default_scaling_matrix_flag[i4_i],
ps_bitstrm);
}
+ if(ret != OK)
+ {
+ return ret;
+ }
}
}
}
diff --git a/decoder/ih264d_quant_scaling.c b/decoder/ih264d_quant_scaling.c
index 1d48907..4e5c58d 100644
--- a/decoder/ih264d_quant_scaling.c
+++ b/decoder/ih264d_quant_scaling.c
@@ -20,6 +20,7 @@
#include "ih264_typedefs.h"
#include "ih264_macros.h"
#include "ih264_platform_macros.h"
+#include "ih264_defs.h"
#include "ih264d_bitstrm.h"
#include "ih264d_structs.h"
#include "ih264d_parse_cavlc.h"
@@ -44,7 +45,7 @@
#define IDCT_BLOCK_WIDTH8X8 8
-void ih264d_scaling_list(WORD16 *pi2_scaling_list,
+WORD32 ih264d_scaling_list(WORD16 *pi2_scaling_list,
WORD32 i4_size_of_scalinglist,
UWORD8 *pu1_use_default_scaling_matrix_flag,
dec_bit_stream_t *ps_bitstrm)
@@ -62,6 +63,11 @@
i4_delta_scale = ih264d_sev(pu4_bitstrm_ofst,
pu4_bitstrm_buf);
+ if(i4_delta_scale < MIN_H264_DELTA_SCALE ||
+ i4_delta_scale > MAX_H264_DELTA_SCALE)
+ {
+ return ERROR_INV_RANGE_QP_T;
+ }
i4_nextScale = ((i4_lastScale + i4_delta_scale + 256) & 0xff);
*pu1_use_default_scaling_matrix_flag = ((i4_j == 0)
@@ -72,6 +78,7 @@
(i4_nextScale == 0) ? (i4_lastScale) : (i4_nextScale);
i4_lastScale = pi2_scaling_list[i4_j];
}
+ return OK;
}
WORD32 ih264d_form_default_scaling_matrix(dec_struct_t *ps_dec)
diff --git a/decoder/ih264d_quant_scaling.h b/decoder/ih264d_quant_scaling.h
index c714c34..1a9b7d1 100644
--- a/decoder/ih264d_quant_scaling.h
+++ b/decoder/ih264d_quant_scaling.h
@@ -19,7 +19,7 @@
*/
#ifndef _IH264D_QUANT_SCALING_H_
#define _IH264D_QUANT_SCALING_H_
-void ih264d_scaling_list(WORD16 *pi2_scaling_list,
+WORD32 ih264d_scaling_list(WORD16 *pi2_scaling_list,
WORD32 i4_size_of_scalinglist,
UWORD8 *pu1_use_default_scaling_matrix_flag,
dec_bit_stream_t *ps_bitstrm);