Google Git
Sign in
webrtc / src / 75acef396265beccab231928f7b989dac3b081e3^! / .
commit75acef396265beccab231928f7b989dac3b081e3[log] [tgz]
authorKuang-che Wu <kcwu@google.com>Thu Oct 10 11:54:45 2019
committerCommit Bot <commit-bot@chromium.org>Mon Oct 14 12:24:01 2019
treef9d56f965b005b542533e0584a62b06e89968d8b
parentd6bb18479f4d9e258ae3e05427c101fb9e635373 [diff]
Reject invalid spatial index

We should reject invalid values explicitly in order to prevent DCHECK
failures later, which affect fuzzing progress.

Bug: chromium:1009172, chromium:1009073
Change-Id: I7f0dc417ecac7aab076a652143f5face2ff98da2
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/156340
Commit-Queue: Kuang-che Wu <kcwu@google.com>
Reviewed-by: Magnus Flodman <mflodman@webrtc.org>
Reviewed-by: Erik Språng <sprang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#29459}

diff --git a/modules/rtp_rtcp/BUILD.gn b/modules/rtp_rtcp/BUILD.gn
index 48610be..3d7eeab 100644
--- a/modules/rtp_rtcp/BUILD.gn
+++ b/modules/rtp_rtcp/BUILD.gn

@@ -236,6 +236,7 @@
     "../../api/units:timestamp",
     "../../api/video:video_bitrate_allocation",
     "../../api/video:video_bitrate_allocator",
+    "../../api/video:video_codec_constants",
     "../../api/video:video_frame",
     "../../api/video:video_frame_type",
     "../../api/video:video_rtp_headers",

diff --git a/modules/rtp_rtcp/source/rtp_format_vp9.cc b/modules/rtp_rtcp/source/rtp_format_vp9.cc
index 3c40e55..f83a12b 100644
--- a/modules/rtp_rtcp/source/rtp_format_vp9.cc
+++ b/modules/rtp_rtcp/source/rtp_format_vp9.cc

@@ -12,6 +12,7 @@
 
 #include <string.h>
 
+#include "api/video/video_codec_constants.h"
 #include "modules/rtp_rtcp/source/rtp_packet_to_send.h"
 #include "modules/video_coding/codecs/interface/common_constants.h"
 #include "rtc_base/bit_buffer.h"
@@ -316,6 +317,8 @@
   RETURN_FALSE_ON_ERROR(parser->ReadBits(&d_bit, 1));
   vp9->temporal_idx = t;
   vp9->temporal_up_switch = u_bit ? true : false;
+  if (s >= kMaxSpatialLayers)
+    return false;
   vp9->spatial_idx = s;
   vp9->inter_layer_predicted = d_bit ? true : false;
   return true;