    H265 decoder fuzzer fix for ref pic counts and others · 31450024
    Jeffrey Kardatzke authored
    Spec isn't clear on this, but when we are doing short term ref pic sets
    that are relative to existing ones, these can keep chaining and then
    grow their size without bound. Seems reasonable to constrain this value
    for the delta based ones just as for the fully declared ones.
    
    Also fixes range validation for cpb_cnt.
    
    Also fixes zero valued NumPicTotalCurr.
    
    Also fixes overflow in SPS parsing.
    
    BUG=b:153111783,chromium:1148504,chromium:1148698,chromium:1148863,
    chromium:1148910
    TEST=Fuzzer no longer crashes
    
    Change-Id: I430f1fe2d4e4e5affe6caea80be6d01b84896b14
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2536851
    Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
    Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
    Auto-Submit: Jeffrey Kardatzke <jkardatzke@google.com>
    Cr-Commit-Position: refs/heads/master@{#827449}
h265_parser.cc 73.7 KB
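The chaining problem the commit message describes, as an added illustration that is not Chromium's h265_parser.cc: a constructed, simplified C++ model of H.265 short-term reference picture sets. A fully declared set has its entry count checked against a buffering limit; an inter-predicted set is derived from an earlier set and can hold one more entry than its reference, so a chain of derived sets grows by one per link. The "before" path leaves that growth unbounded; the "after" path applies the same bound to derived sets as to explicit ones. The bound `kMaxDecPicBuffering`, the flag-free derivation and all sample values are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <vector>

// Constructed, simplified model of H.265 st_ref_pic_set() handling, written to
// illustrate the commit message above; it is not Chromium's h265_parser.cc.
// A set is just the list of POC deltas it references. Real parsers also track
// used_by_curr_pic / use_delta flags, which are omitted here.
struct StRefPicSet {
  std::vector<int32_t> delta_pocs;
};

// Fully declared set: the bitstream lists every delta explicitly, and the
// parser bounds the count (the spec limits it via sps_max_dec_pic_buffering).
std::optional<StRefPicSet> ParseExplicitSet(const std::vector<int32_t>& deltas,
                                            size_t max_pics) {
  if (deltas.size() > max_pics) return std::nullopt;  // reject oversized set
  return StRefPicSet{deltas};
}

// Inter-predicted set: derived from an earlier set by shifting each entry by
// delta_rps and adding delta_rps itself as a new entry. The derivation visits
// one more candidate than the reference has, so each link in a chain of
// derived sets can grow by one entry.
StRefPicSet DeriveFromReference(const StRefPicSet& ref, int32_t delta_rps) {
  StRefPicSet out;
  for (int32_t d : ref.delta_pocs) out.delta_pocs.push_back(d + delta_rps);
  out.delta_pocs.push_back(delta_rps);
  return out;
}

// "Before": no bound on the derived path. Returns the size reached after
// chaining `links` derived sets off a base set of `base_count` entries. With a
// fixed-size array in place of this vector, the growth would run past its end.
size_t ChainedSizeUnbounded(size_t base_count, size_t links) {
  StRefPicSet cur;
  cur.delta_pocs.assign(base_count, -1);
  for (size_t i = 0; i < links; ++i) cur = DeriveFromReference(cur, -1);
  return cur.delta_pocs.size();
}

// "After": the derived path applies the same bound as the explicit path.
std::optional<StRefPicSet> DeriveBounded(const StRefPicSet& ref,
                                         int32_t delta_rps, size_t max_pics) {
  StRefPicSet out = DeriveFromReference(ref, delta_rps);
  if (out.delta_pocs.size() > max_pics) return std::nullopt;
  return out;
}

// Walks the same chain with the bound in place. Returns the index of the first
// derived set that is rejected, or -1 if every link fits within max_pics.
int FirstRejectedLink(size_t base_count, size_t links, size_t max_pics) {
  StRefPicSet cur;
  cur.delta_pocs.assign(base_count, -1);
  for (size_t i = 0; i < links; ++i) {
    std::optional<StRefPicSet> next = DeriveBounded(cur, -1, max_pics);
    if (!next) return static_cast<int>(i);
    cur = *next;
  }
  return -1;
}

int main() {
  const size_t kMaxDecPicBuffering = 16;  // constructed bound for the demo
  std::cout << "unbounded chain of 64 links from 1 entry: "
            << ChainedSizeUnbounded(1, 64) << " entries\n";
  std::cout << "bounded chain rejects at link "
            << FirstRejectedLink(1, 64, kMaxDecPicBuffering) << "\n";
  return 0;
}
```

With the bound in place a fuzzer-generated chain is rejected at the first link whose derived count exceeds the limit, which is the point the commit makes: the delta-based path needs the same check the fully declared path already had.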