Fixes undefined behavior
Fixes: asan_static-oob_17aa046_582_cov_1577759978_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3281fa892599d71b4dc298a426af8296419cd90e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
... | ... |
@@ -1072,6 +1072,14 @@ int ff_hevc_decode_nal_pps(HEVCContext *s) |
1072 | 1072 |
if (pps->cu_qp_delta_enabled_flag) |
1073 | 1073 |
pps->diff_cu_qp_delta_depth = get_ue_golomb_long(gb); |
1074 | 1074 |
|
1075 |
+ if (pps->diff_cu_qp_delta_depth < 0 || |
|
1076 |
+ pps->diff_cu_qp_delta_depth > sps->log2_diff_max_min_coding_block_size) { |
|
1077 |
+ av_log(s->avctx, AV_LOG_ERROR, "diff_cu_qp_delta_depth %d is invalid\n", |
|
1078 |
+ pps->diff_cu_qp_delta_depth); |
|
1079 |
+ ret = AVERROR_INVALIDDATA; |
|
1080 |
+ goto err; |
|
1081 |
+ } |
|
1082 |
+ |
|
1075 | 1083 |
pps->cb_qp_offset = get_se_golomb(gb); |
1076 | 1084 |
if (pps->cb_qp_offset < -12 || pps->cb_qp_offset > 12) { |
1077 | 1085 |
av_log(s->avctx, AV_LOG_ERROR, "pps_cb_qp_offset out of range: %d\n", |