Avoid integer overflow errors when parsing Exp-Golomb codes

media/filters/h264_parser.cc

Index: media/filters/h264_parser.cc
diff --git a/media/filters/h264_parser.cc b/media/filters/h264_parser.cc
index d751de77fcaa06ebdabee2ca130385189b2fc80b..d1fa685d42f9e0857cd7c50d81ce34549f759d8d 100644
--- a/media/filters/h264_parser.cc
+++ b/media/filters/h264_parser.cc
@@ -2,13 +2,15 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "media/filters/h264_parser.h"
+
+#include <limits>
+
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/stl_util.h"
-
 #include "media/base/decrypt_config.h"
-#include "media/filters/h264_parser.h"
 
 namespace media {
 
@@ -318,7 +320,15 @@ H264Parser::Result H264Parser::ReadUE(int* val) {
     return kInvalidStream;
 
   // Calculate exp-Golomb code value of size num_bits.
-  *val = (1 << num_bits) - 1;
+  // Special case for |num_bits| == 31 to avoid integer overflow. The only

[DaleCurtis, 2016/04/07 21:19:21]

Comment goes with l.328, 

+  // valid representation as an int is 2^31 - 1, so the remaining bits must
+  // be 0 or else the number is too large.
+  *val = (1u << num_bits) - 1u;
+
+  if (num_bits == 31) {
+    READ_BITS_OR_RETURN(num_bits, &rest);
+    return (rest == 0) ? kOk : kInvalidStream;

[DaleCurtis, 2016/04/07 21:19:21]

Could just be "return rest ? kInvalidStream : kOk"

+  }
 
   if (num_bits > 0) {
     READ_BITS_OR_RETURN(num_bits, &rest);