Sanity check parsed QP values from H264 bitstream

webrtc/common_video/h264/pps_parser.cc

Index: webrtc/common_video/h264/pps_parser.cc
diff --git a/webrtc/common_video/h264/pps_parser.cc b/webrtc/common_video/h264/pps_parser.cc
index 0215549959e39be2d224090539f29938c096a486..3eb1e9b1973cf6d0617b4e5148f5c6b0e1e91ac7 100644
--- a/webrtc/common_video/h264/pps_parser.cc
+++ b/webrtc/common_video/h264/pps_parser.cc
@@ -22,6 +22,10 @@
     return rtc::Optional<PpsParser::PpsState>(); \
   }
 
+namespace {
+int kMaxAbsPicInitQpDeltaValue = 25;

[magjed_webrtc, 2016/11/29 10:34:32]

nit: const

+}
+
 namespace webrtc {
 
 // General note: this is based off the 02/2014 version of the H.264 standard.
@@ -162,6 +166,10 @@ rtc::Optional<PpsParser::PpsState> PpsParser::ParseInternal(
   // pic_init_qp_minus26: se(v)
   RETURN_EMPTY_ON_FAIL(
       bit_buffer->ReadSignedExponentialGolomb(&pps.pic_init_qp_minus26));
+  // Sanity-check parsed value
+  if (abs(pps.pic_init_qp_minus26) > kMaxAbsPicInitQpDeltaValue) {
+    RETURN_EMPTY_ON_FAIL(false);
+  }
   // pic_init_qs_minus26: se(v)
   RETURN_EMPTY_ON_FAIL(bit_buffer->ReadExponentialGolomb(&golomb_ignored));
   // chroma_qp_index_offset: se(v)