Commit 0d7c4b05 authored by David Barker

Avoid reading uninitialized data in decodemv.c

The existing code has a case where we set a variable to equal
xd->ref_mv_stack[mbmi->ref_frame[0]][1 + mbmi->ref_mv_idx]
even for compound blocks. However, the range of allowable
values for mbmi->ref_mv_idx is determined by the ref_mv_count
for the *combined* ref frame, not for the first single ref frame.

This means that, if we have more ref-mv candidates for the combined
ref frame than for the first single ref frame, then we can sometimes
fetch uninitialized data.
In every case where this happens, we immediately overwrite
the destination with the correct mv, but it is still preferable
to avoid reading uninitialized data.

This patch moves the code block to avoid this bug. In addition,
the variable (nearmv[0]) is only used when the mode equals NEARMV,
so the condition on its assignment is changed to reflect that.

Change-Id: I3bd268dc80d8065d5189999232b8a0f826d40a95
parent cf18fe4e
......@@ -2379,12 +2379,6 @@ static void read_inter_block_mode_info(AV1Decoder *const pbi,
}
}
if (mbmi->ref_mv_idx > 0) {
int_mv cur_mv =
xd->ref_mv_stack[mbmi->ref_frame[0]][1 + mbmi->ref_mv_idx].this_mv;
nearmv[0] = cur_mv;
}
#if CONFIG_EXT_INTER
#if CONFIG_COMPOUND_SINGLEREF
if ((is_compound || is_singleref_comp_mode) &&
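Review bot: nearmv[0] no longer has any assignment at this point, before `#if CONFIG_EXT_INTER`, so the branch guarded by `(is_compound || is_singleref_comp_mode)` has to set it on every path that later reads it. The commit message says the destination was always overwritten there, but that code is not visible in this hunk. A short comment at the compound branch stating that it is the only writer of nearmv[0] for compound blocks would keep a later refactor from reintroducing a read indexed by mbmi->ref_frame[0]. A decoder run under MemorySanitizer on a stream with more compound candidates than single-ref candidates would confirm the fix.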
......@@ -2462,6 +2456,10 @@ static void read_inter_block_mode_info(AV1Decoder *const pbi,
nearmv[1] = xd->ref_mv_stack[ref_frame_type][ref_mv_idx].comp_mv;
}
#endif // CONFIG_EXT_INTER
} else if (mbmi->ref_mv_idx > 0 && mbmi->mode == NEARMV) {
int_mv cur_mv =
xd->ref_mv_stack[mbmi->ref_frame[0]][1 + mbmi->ref_mv_idx].this_mv;
nearmv[0] = cur_mv;
}
#if !CONFIG_DUAL_FILTER && !CONFIG_WARPED_MOTION && !CONFIG_GLOBAL_MOTION
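Review bot: the new `else if (mbmi->ref_mv_idx > 0 && mbmi->mode == NEARMV)` branch still indexes `xd->ref_mv_stack[mbmi->ref_frame[0]][1 + mbmi->ref_mv_idx]` without any visible bound check. For single-reference blocks the index should be covered by the ref_mv_count of that frame, but nothing in the hunk enforces it. An assert that `1 + mbmi->ref_mv_idx` is below the ref_mv_count for `mbmi->ref_frame[0]` would document the invariant and catch a corrupt bitstream in debug builds. A one-line comment explaining why the assignment is limited to the non-compound NEARMV case would also help, since that reasoning currently exists only in the commit message.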
......