Fix integer overflow with log2_min_ipcm_cb_size_y in H265Parser

BUG=b:153111783,chromium:1152523 TEST=Fuzzer passes Change-Id: I27f353116d6703b065cecef527c24487f627f67b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2558788 Auto-Submit: Jeffrey Kardatzke <jkardatzke@google.com> Commit-Queue: Dale Curtis <dalecurtis@chromium.org> Reviewed-by: Sergey Volk <servolk@chromium.org> Reviewed-by: Dale Curtis <dalecurtis@chromium.org> Cr-Commit-Position: refs/heads/master@{#830735}

Fix integer overflow with log2_min_ipcm_cb_size_y in H265Parser
BUG=b:153111783,chromium:1152523 TEST=Fuzzer passes Change-Id: I27f353116d6703b065cecef527c24487f627f67b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2558788 Auto-Submit: Jeffrey Kardatzke <jkardatzke@google.com> Commit-Queue: Dale Curtis <dalecurtis@chromium.org> Reviewed-by: Sergey Volk <servolk@chromium.org> Reviewed-by: Dale Curtis <dalecurtis@chromium.org> Cr-Commit-Position: refs/heads/master@{#830735}
6ab6656e · Jeffrey Kardatzke · Commit Bot · 44e9fe8a · 6ab6656e
Commit 6ab6656e authored Nov 24, 2020 by Jeffrey Kardatzke Committed by Commit Bot Nov 24, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

media/video/h265_parser.cc media/video/h265_parser.cc +1 -0

No files found.
--- a/media/video/h265_parser.cc
+++ b/media/video/h265_parser.cc
@@ -670,6 +670,7 @@ H265Parser::Result H265Parser::ParseSPS(int* sps_id) {
    TRUE_OR_RETURN(sps->pcm_sample_bit_depth_chroma_minus1 + 1 <=
                   sps->bit_depth_c);
    READ_UE_OR_RETURN(&sps->log2_min_pcm_luma_coding_block_size_minus3);
+    IN_RANGE_OR_RETURN(sps->log2_min_pcm_luma_coding_block_size_minus3, 0, 2);
    int log2_min_ipcm_cb_size_y =
        sps->log2_min_pcm_luma_coding_block_size_minus3 + 3;
    IN_RANGE_OR_RETURN(log2_min_ipcm_cb_size_y, std::min(min_cb_log2_size_y, 5),