Commit 772c97170e for aom

commit 772c97170ef1e9659cba4f4c5b0156db884bf99a
Author: Yunqing Wang <yunqingwang@google.com>
Date:   Mon Apr 20 11:18:54 2026 -0700

    Out-of-Bounds Array Read in ctrl_get_tile_data

    BUG=aomedia:503197473

    Change-Id: I795f3def8e47643c6bd0f63f477cbc844e4c86c8

diff --git a/av1/av1_dx_iface.c b/av1/av1_dx_iface.c
index 50baa4803c..cd41f8c15e 100644
--- a/av1/av1_dx_iface.c
+++ b/av1/av1_dx_iface.c
@@ -1326,6 +1326,11 @@ static aom_codec_err_t ctrl_get_tile_data(aom_codec_alg_priv_t *ctx,
       FrameWorkerData *const frame_worker_data =
           (FrameWorkerData *)worker->data1;
       const AV1Decoder *pbi = frame_worker_data->pbi;
+      if (pbi->dec_tile_row < 0 || pbi->dec_tile_row >= MAX_TILE_ROWS ||
+          pbi->dec_tile_col < 0 || pbi->dec_tile_col >= MAX_TILE_COLS) {
+        return AOM_CODEC_ERROR;
+      }
+
       tile_data->coded_tile_data_size =
           pbi->tile_buffers[pbi->dec_tile_row][pbi->dec_tile_col].size;
       tile_data->coded_tile_data =