Fix fuzzing test issues reported by Chromium fuzzing test

Bug: chromium:1474155,chromium:1474156
Change-Id: I382bdcc0a70f1e5c5f5b0b76206cabf8c37502e8
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/317126
Reviewed-by: Sergey Silkin <ssilkin@webrtc.org>
Reviewed-by: Philip Eliasson <philipel@webrtc.org>
Reviewed-by: Erik Språng <sprang@webrtc.org>
Commit-Queue: Sergey Silkin <ssilkin@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#40596}

common_video/h265/h265_bitstream_parser.cc

@@ -292,6 +292,10 @@ H265BitstreamParser::Result H265BitstreamParser::ParseNonParameterSetNalu(
       }
 
       // Equation 7-57
+      IN_RANGE_OR_RETURN(ref_pic_set->num_negative_pics, 0,
+                         kMaxShortTermRefPicSets);
+      IN_RANGE_OR_RETURN(ref_pic_set->num_positive_pics, 0,
+                         kMaxShortTermRefPicSets);
       for (uint32_t i = 0; i < ref_pic_set->num_negative_pics; i++) {
         if (ref_pic_set->used_by_curr_pic_s0[i]) {
           num_pic_total_curr++;

common_video/h265/h265_sps_parser.cc

@@ -540,13 +540,13 @@ absl::optional<H265SpsParser::SpsState> H265SpsParser::ParseSpsInternal(
   }
   // log2_min_luma_coding_block_size_minus3: ue(v)
   sps.log2_min_luma_coding_block_size_minus3 = reader.ReadExponentialGolomb();
-  TRUE_OR_RETURN(sps.log2_min_luma_coding_block_size_minus3 <= 27);
+  IN_RANGE_OR_RETURN_NULL(sps.log2_min_luma_coding_block_size_minus3, 0, 27);
   // log2_diff_max_min_luma_coding_block_size: ue(v)
   sps.log2_diff_max_min_luma_coding_block_size = reader.ReadExponentialGolomb();
   int min_cb_log2_size_y = sps.log2_min_luma_coding_block_size_minus3 + 3;
   int ctb_log2_size_y = min_cb_log2_size_y;
   ctb_log2_size_y += sps.log2_diff_max_min_luma_coding_block_size;
-  TRUE_OR_RETURN(ctb_log2_size_y <= 30);
+  IN_RANGE_OR_RETURN_NULL(ctb_log2_size_y, 0, 30);
   int min_cb_size_y = 1 << min_cb_log2_size_y;
   int ctb_size_y = 1 << ctb_log2_size_y;
   sps.pic_width_in_ctbs_y =