From 6b8c4f82ff42a755d948ea85ea072ef7c74b6f0d Mon Sep 17 00:00:00 2001
From: jeffqjiangNew <142832361+jeffqjiangNew@users.noreply.github.com>
Date: Wed, 21 May 2025 10:04:16 -0400
Subject: [PATCH] VP9 error resilience: Added uncompressed and compressed
 header size checks. (#592)

* * VP9 error resilience: Added uncompressed and compressed header size checks.

* * Minor format change.

[ROCm/rocdecode commit: 24b0c59d71ea0573221aae09953833f5301bc85e]
---
 projects/rocdecode/src/parser/vp9_parser.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/projects/rocdecode/src/parser/vp9_parser.cpp b/projects/rocdecode/src/parser/vp9_parser.cpp
index 691f4489f6..7d5184ea31 100644
--- a/projects/rocdecode/src/parser/vp9_parser.cpp
+++ b/projects/rocdecode/src/parser/vp9_parser.cpp
@@ -585,6 +585,14 @@ ParserResult Vp9VideoParser::ParseUncompressedHeader(uint8_t *p_stream, size_t s
         new_seq_activated_ = true;
     }
     uncomp_header_size_ = (offset + 7) >> 3;
+    if (uncomp_header_size_ > size) {
+        ERR("Uncompressed header size (" + TOSTR(uncomp_header_size_) + ") exceeds frame data size (" + TOSTR(size) + ")");
+        return PARSER_WRONG_STATE;
+    }
+    if (p_uncomp_header->header_size_in_bytes > (size - uncomp_header_size_)) {
+        ERR("header_size_in_bytes (" + TOSTR(p_uncomp_header->header_size_in_bytes) + ") exceeds allowed size (" + TOSTR(size - uncomp_header_size_) + ")");
+        return PARSER_WRONG_STATE;
+    }
     return PARSER_OK;
 }