Bug 1334971: P1. Properly handle invalid PPS. r?gerald draft
authorJean-Yves Avenard <jyavenard@mozilla.com>
Mon, 06 Feb 2017 15:06:51 +0100
changeset 479513 d12b3d2debb179893a79cd7b686601b9c7fb3d27
parent 479417 7f1b358fb17dfd982c5e18c34d5735cd481c7f7c
child 479514 2951ba19a8a621d465ecd22d9b3f62996b9c066b
push id44276
push userbmo:jyavenard@mozilla.com
push dateMon, 06 Feb 2017 20:47:01 +0000
reviewersgerald
bugs1334971
milestone54.0a1
Bug 1334971: P1. Properly handle invalid PPS. r?gerald Also fix H264::DecodePPS which incorrectly always returned an error when parsing a valid PPS. MozReview-Commit-ID: L1HUAdxWdu0
media/libstagefright/binding/H264.cpp
--- a/media/libstagefright/binding/H264.cpp
+++ b/media/libstagefright/binding/H264.cpp
@@ -748,19 +748,22 @@ H264::DecodePPSDataSetFromExtraData(cons
 
     RefPtr<mozilla::MediaByteBuffer> pps = DecodeNALUnit(rawNAL);
 
     if (!pps) {
       return false;
     }
 
     PPSData ppsData;
-    if(DecodePPS(pps, aSPSes, ppsData)) {
+    if (!DecodePPS(pps, aSPSes, ppsData)) {
       return false;
     }
+    if (ppsData.pic_parameter_set_id >= aDest.Length()) {
+      aDest.SetLength(ppsData.pic_parameter_set_id + 1);
+    }
     aDest[ppsData.pic_parameter_set_id] = Move(ppsData);
   }
   return true;
 }
 
 /* static */ bool
 H264::DecodePPS(const mozilla::MediaByteBuffer* aPPS, const SPSDataSet& aSPSes,
                 PPSData& aDest)
@@ -773,16 +776,19 @@ H264::DecodePPS(const mozilla::MediaByte
     return false;
   }
 
   BitReader br(aPPS, GetBitLength(aPPS));
 
   READUE(pic_parameter_set_id, MAX_PPS_COUNT - 1);
   READUE(seq_parameter_set_id, MAX_SPS_COUNT - 1);
 
+  if (aDest.seq_parameter_set_id >= aSPSes.Length()) {
+    return false;
+  }
   const SPSData& sps = aSPSes[aDest.seq_parameter_set_id];
 
   memcpy(aDest.scaling_matrix4x4, sps.scaling_matrix4x4,
          sizeof(aDest.scaling_matrix4x4));
   memcpy(aDest.scaling_matrix8x8, sps.scaling_matrix8x8,
          sizeof(aDest.scaling_matrix8x8));
 
   aDest.entropy_coding_mode_flag = br.ReadBit();