BASELINE: Update Chromium to 85.0.4183.14085-based

Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2020-10-12 14:27:29 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2020-10-13 09:35:20 +0000
commit: c30a6232df03e1efbd9f3b226777b07e087a1122 (patch)
tree: e992f45784689f373bcc38d1b79a239ebe17ee23 /chromium/media/gpu/h264_decoder.cc
parent: 7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (diff)
download: qtwebengine-chromium-85-based.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/chromium/media/gpu/h264_decoder.cc b/chromium/media/gpu/h264_decoder.cc
index 59ab81d16ba..93abea8c715 100644
--- a/chromium/media/gpu/h264_decoder.cc
+++ b/chromium/media/gpu/h264_decoder.cc
@@ -8,6 +8,7 @@
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback_helpers.h"
+#include "base/logging.h"
 #include "base/numerics/safe_conversions.h"
 #include "base/optional.h"
 #include "base/stl_util.h"
@@ -567,6 +568,13 @@ bool H264Decoder::ModifyReferencePicList(const H264SliceHeader* slice_hdr,
           DVLOG(1) << "Malformed stream, no pic num " << pic_num_lx;
           return false;
         }
+
+        if (ref_idx_lx > num_ref_idx_lX_active_minus1) {
+          DVLOG(1) << "Bounds mismatch: expected " << ref_idx_lx
+                   << " <= " << num_ref_idx_lX_active_minus1;
+          return false;
+        }
+
         ShiftRightAndInsert(ref_pic_listx, ref_idx_lx,
                             num_ref_idx_lX_active_minus1, pic);
         ref_idx_lx++;
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2020-10-12 14:27:29 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2020-10-13 09:35:20 +0000
commit	c30a6232df03e1efbd9f3b226777b07e087a1122 (patch)
tree	e992f45784689f373bcc38d1b79a239ebe17ee23 /chromium/media/gpu/h264_decoder.cc
parent	7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (diff)
download	qtwebengine-chromium-85-based.tar.gz