anv/video: fix out-of-bounds read

Since STD_VIDEO_H265_CHROMA_QP_OFFSET_TILE_COLS_LIST_SIZE is 19.

Fixes: 8d519eb5 ("anv: add initial video decode support for h265")
Closes: mesa/mesa#10529

Signed-off-by: Hyunjun Ko <zzoon@igalia.com>
Acked-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27373>
(cherry picked from commit d0d2cf549b)

.pick_status.json

@@ -414,7 +414,7 @@
         "description": "anv/video: fix out-of-bounds read",
         "nominated": true,
         "nomination_type": 1,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": "8d519eb5f5947800279e4c02bf7aa79b0b65cd17",
         "notes": null

src/intel/vulkan/genX_video.c

@@ -551,7 +551,8 @@ anv_h265_decode_video(struct anv_cmd_buffer *cmd_buffer,
             cum += pps->column_width_minus1[4 * i + 2] + 1;
             tile.ColumnPosition[i].CtbPos3i = cum;
 
-            if ((4 * i + 3) == pps->num_tile_columns_minus1)
+            if ((4 * i + 3) >= MIN2(pps->num_tile_columns_minus1,
+                                    ARRAY_SIZE(pps->column_width_minus1)))
                break;
 
             cum += pps->column_width_minus1[4 * i + 3] + 1;