Reject invalid spatial index
We should reject invalid values explicitly in order to prevent DCHECK
failures later, which affect fuzzing progress.
Bug: chromium:1009172, chromium:1009073
Change-Id: I7f0dc417ecac7aab076a652143f5face2ff98da2
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/156340
Commit-Queue: Kuang-che Wu <kcwu@google.com>
Reviewed-by: Magnus Flodman <mflodman@webrtc.org>
Reviewed-by: Erik Språng <sprang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#29459}
diff --git a/modules/rtp_rtcp/BUILD.gn b/modules/rtp_rtcp/BUILD.gn
index 48610be..3d7eeab 100644
--- a/modules/rtp_rtcp/BUILD.gn
+++ b/modules/rtp_rtcp/BUILD.gn
@@ -236,6 +236,7 @@
"../../api/units:timestamp",
"../../api/video:video_bitrate_allocation",
"../../api/video:video_bitrate_allocator",
+ "../../api/video:video_codec_constants",
"../../api/video:video_frame",
"../../api/video:video_frame_type",
"../../api/video:video_rtp_headers",
diff --git a/modules/rtp_rtcp/source/rtp_format_vp9.cc b/modules/rtp_rtcp/source/rtp_format_vp9.cc
index 3c40e55..f83a12b 100644
--- a/modules/rtp_rtcp/source/rtp_format_vp9.cc
+++ b/modules/rtp_rtcp/source/rtp_format_vp9.cc
@@ -12,6 +12,7 @@
#include <string.h>
+#include "api/video/video_codec_constants.h"
#include "modules/rtp_rtcp/source/rtp_packet_to_send.h"
#include "modules/video_coding/codecs/interface/common_constants.h"
#include "rtc_base/bit_buffer.h"
@@ -316,6 +317,8 @@
RETURN_FALSE_ON_ERROR(parser->ReadBits(&d_bit, 1));
vp9->temporal_idx = t;
vp9->temporal_up_switch = u_bit ? true : false;
+ if (s >= kMaxSpatialLayers)
+ return false;
vp9->spatial_idx = s;
vp9->inter_layer_predicted = d_bit ? true : false;
return true;