From cd98621eb9bb17faa91178f3c1fd92aba58450fe Mon Sep 17 00:00:00 2001
From: jeffqjiangNew <142832361+jeffqjiangNew@users.noreply.github.com>
Date: Wed, 12 Mar 2025 17:49:52 -0400
Subject: [PATCH] * rocDecode/HEVC error resilience: Fixed a vulnerability with active PPS id. We should not assign the current active PPS id to an invalid value. (#529) [ROCm/rocdecode commit: ac74540c19dec6a4e70242e1df67d1323930b7ca]
---
 projects/rocdecode/src/parser/hevc_parser.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/projects/rocdecode/src/parser/hevc_parser.cpp b/projects/rocdecode/src/parser/hevc_parser.cpp
index eaae1408ee..7720ae1dbf 100644
--- a/projects/rocdecode/src/parser/hevc_parser.cpp
+++ b/projects/rocdecode/src/parser/hevc_parser.cpp
@@ -1539,8 +1539,9 @@ ParserResult HevcVideoParser::ParseSliceHeader(uint8_t *nalu, size_t size, HevcS
 }
 // Set active VPS, SPS and PPS for the current slice
- m_active_pps_id_ = Parser::ExpGolomb::ReadUe(nalu, offset);
- CHECK_ALLOWED_MAX("active_pps_id", m_active_pps_id_, (MAX_PPS_COUNT - 1));
+ int32_t active_pps_id = Parser::ExpGolomb::ReadUe(nalu, offset);
+ CHECK_ALLOWED_MAX("active_pps_id", active_pps_id, (MAX_PPS_COUNT - 1));
+ m_active_pps_id_ = active_pps_id;
 temp_sh.slice_pic_parameter_set_id = p_slice_header->slice_pic_parameter_set_id = m_active_pps_id_;
 pps_ptr = &pps_list_[m_active_pps_id_];
 if ( pps_ptr->is_received == 0) {
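Review bot: The new temporary `active_pps_id` is declared `int32_t`, but an Exp-Golomb ue(v) value is unsigned. If `ReadUe` returns a 32-bit unsigned value and `CHECK_ALLOWED_MAX` compares only against the upper bound (neither definition is visible in this hunk), a very large code would wrap to a negative number, pass the check and index `pps_list_` out of range. Declaring it `uint32_t active_pps_id = Parser::ExpGolomb::ReadUe(nalu, offset);` keeps the range check meaningful. Separately, `m_active_pps_id_` is still committed before the `pps_ptr->is_received == 0` test, so an in-range id for a PPS that was never received still becomes the active id; consider taking `pps_ptr = &pps_list_[active_pps_id];` first and assigning the member only once that test passes. ParseSliceHeader's body continues outside the hunk, so what the `is_received` branch does is not visible here.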