m4v_h263: add a test for invalid/negative value Test: run poc with and without the patch. Bug: 134578122 Change-Id: I2d11826d1d9e2669aa5627065dc627729ddc823b (cherry picked from commit 7802c68aebf7908983508fd4a52a7d53746a80eb)

commit: 0ec238bc73c08da6a36f97e17472936ef2f07f80 [log] [tgz]
author: Dongwon Kang <dwkang@google.com> Fri Jun 21 14:17:58 2019 -0700
committer: JP Sugarbroad <jpsugar@google.com> Wed Aug 07 14:12:59 2019 -0700
tree: 16debf886889f53ac8088e589331032488d0385e
parent: 1710948ff03908b2789d30350f030878e92aaf09 [diff]
diff --git a/media/libstagefright/codecs/m4v_h263/dec/src/packet_util.cpp b/media/libstagefright/codecs/m4v_h263/dec/src/packet_util.cpp
index 48414d7..5880e32 100644
--- a/media/libstagefright/codecs/m4v_h263/dec/src/packet_util.cpp
+++ b/media/libstagefright/codecs/m4v_h263/dec/src/packet_util.cpp

@@ -52,7 +52,11 @@
         PV_BitstreamByteAlign(stream);
         BitstreamReadBits32(stream, resync_marker_length);
 
-        *next_MB = (int) BitstreamReadBits16(stream, nbits);
+        int mbnum = (int) BitstreamReadBits16(stream, nbits);
+        if (mbnum < 0) {
+            return PV_FAIL;
+        }
+        *next_MB = mbnum;
 //      if (*next_MB <= video->mbnum)   /*  needs more investigation */
 //          *next_MB = video->mbnum+1;
commit	0ec238bc73c08da6a36f97e17472936ef2f07f80	[log] [tgz]
author	Dongwon Kang <dwkang@google.com>	Fri Jun 21 14:17:58 2019 -0700
committer	JP Sugarbroad <jpsugar@google.com>	Wed Aug 07 14:12:59 2019 -0700
tree	16debf886889f53ac8088e589331032488d0385e
parent	1710948ff03908b2789d30350f030878e92aaf09 [diff]