From 2f2b79a495c4bf3c8a834bb1faedd3148fe02762 Mon Sep 17 00:00:00 2001
From: David Rosca
Date: Mon, 14 Oct 2024 10:44:28 +0200
Subject: [PATCH] frontends/va: Fix parsing leb128 when using more than 4 bytes
Bit shift would go over 32 bits. Also add assert for maximum value as allowed by spec. Fixes coverity issue 1469252 Bad bit shift operation
Fixes: 5edbecb8569 ("frontends/va: adding va av1 encoding functions")
Acked-by: Leo Liu
Part-of:
(cherry picked from commit 2cb3c2e8d5e306bd64a303c3254dd80b9c49248f)
---
 .pick_status.json | 2 +-
 src/gallium/frontends/va/picture_av1_enc.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/.pick_status.json b/.pick_status.json
index b728524e6aa..15751f45333 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -284,7 +284,7 @@
 "description": "frontends/va: Fix parsing leb128 when using more than 4 bytes",
 "nominated": true,
 "nomination_type": 1,
- "resolution": 0,
+ "resolution": 1,
 "main_sha": null,
 "because_sha": "5edbecb8569d88e7faa28ca7a56eb5e1672a2dd0",
 "notes": null
diff --git a/src/gallium/frontends/va/picture_av1_enc.c b/src/gallium/frontends/va/picture_av1_enc.c
index 9126f905f50..f72c2f052eb 100644
--- a/src/gallium/frontends/va/picture_av1_enc.c
+++ b/src/gallium/frontends/va/picture_av1_enc.c
@@ -84,17 +84,18 @@ static unsigned av1_uvlc(struct vl_vlc *vlc)
 static unsigned av1_uleb128(struct vl_vlc *vlc)
 {
- unsigned value = 0;
+ uint64_t value = 0;
 unsigned leb128Bytes = 0;
 unsigned i;
 for (i = 0; i < 8; ++i) {
 leb128Bytes = av1_f(vlc, 8);
- value |= ((leb128Bytes & 0x7f) << (i * 7));
+ value |= ((uint64_t)(leb128Bytes & 0x7f) << (i * 7));
 if (!(leb128Bytes & 0x80))
 break;
 }
+ assert(value <= UINT32_MAX);
 return value;
 }
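Review bot: The `assert(value <= UINT32_MAX)` added before `return value` in av1_uleb128 is the only range check on a value decoded from bitstream bytes, and it is compiled out when NDEBUG is defined, so in release builds the `uint64_t` is silently narrowed to `unsigned` on return. In debug builds the same input aborts the process instead, which is a poor outcome if the bytes can come from application-supplied packed header data (the callers are outside this hunk, so that is inferred). A runtime bound that survives release builds would be safer, for example `return value > UINT32_MAX ? UINT32_MAX : (unsigned)value;`, so that any caller-side size check sees an out-of-range value rather than a wrapped small one. Separately, the loop exits after eight bytes without noticing a continuation bit still set on the last byte; a short comment stating whether that case is deliberately accepted would help the next reader.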