Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Xiph.Org
aom-rav1e
Commits
d203203c
Commit
d203203c
authored
Jun 16, 2014
by
Jingning Han
Committed by
Gerrit Code Review
Jun 16, 2014
Browse files
Merge "Fix out of boundary memory read in fuzz test on vpxdec"
parents
95fb9008
1ba18717
Changes
4
Hide whitespace changes
Inline
Side-by-side
test/test-data.sha1
View file @
d203203c
...
...
@@ -638,4 +638,5 @@ e615575ded499ea1d992f3b38e3baa434509cdcd vp90-2-15-segkey.webm
e3ab35d4316c5e81325c50f5236ceca4bc0d35df vp90-2-15-segkey.webm.md5
9b7ca2cac09d34c4a5d296c1900f93b1e2f69d0d vp90-2-15-segkey_adpq.webm
8f46ba5f785d0c2170591a153e0d0d146a7c8090 vp90-2-15-segkey_adpq.webm.md5
d78e2fceba5ac942246503ec8366f879c4775ca5 vp90-2-15-fuzz-flicker.webm
bbd7dd15f43a703ff0a332fee4959e7b23bf77dc vp90-2-15-fuzz-flicker.webm.md5
test/test.mk
View file @
d203203c
...
...
@@ -754,6 +754,8 @@ LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += vp90-2-15-segkey.webm
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER)
+=
vp90-2-15-segkey.webm.md5
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER)
+=
vp90-2-15-segkey_adpq.webm
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER)
+=
vp90-2-15-segkey_adpq.webm.md5
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER)
+=
vp90-2-15-fuzz-flicker.webm
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER)
+=
vp90-2-15-fuzz-flicker.webm.md5
ifeq
($(CONFIG_DECODE_PERF_TESTS),yes)
# BBB VP9 streams
...
...
test/test_vectors.cc
View file @
d203203c
...
...
@@ -178,7 +178,8 @@ const char *const kVP9TestVectors[] = {
"vp90-2-14-resize-fp-tiles-4-2.webm"
,
"vp90-2-14-resize-fp-tiles-4-8.webm"
,
"vp90-2-14-resize-fp-tiles-8-16.webm"
,
"vp90-2-14-resize-fp-tiles-8-1.webm"
,
"vp90-2-14-resize-fp-tiles-8-2.webm"
,
"vp90-2-14-resize-fp-tiles-8-4.webm"
,
"vp90-2-15-segkey.webm"
,
"vp90-2-15-segkey_adpq.webm"
"vp90-2-15-segkey.webm"
,
"vp90-2-15-segkey_adpq.webm"
,
"vp90-2-15-fuzz-flicker.webm"
};
const
int
kNumVP9TestVectors
=
NELEMENTS
(
kVP9TestVectors
);
#endif // CONFIG_VP9_DECODER
...
...
vp9/vp9_dx_iface.c
View file @
d203203c
...
...
@@ -321,31 +321,33 @@ static void parse_superframe_index(const uint8_t *data, size_t data_sz,
const
uint32_t
mag
=
((
marker
>>
3
)
&
0x3
)
+
1
;
const
size_t
index_sz
=
2
+
mag
*
frames
;
uint8_t
marker2
=
read_marker
(
decrypt_cb
,
decrypt_state
,
data
+
data_sz
-
index_sz
);
if
(
data_sz
>=
index_sz
&&
marker2
==
marker
)
{
// found a valid superframe index
uint32_t
i
,
j
;
const
uint8_t
*
x
=
&
data
[
data_sz
-
index_sz
+
1
];
// frames has a maximum of 8 and mag has a maximum of 4.
uint8_t
clear_buffer
[
32
];
assert
(
sizeof
(
clear_buffer
)
>=
frames
*
mag
);
if
(
decrypt_cb
)
{
decrypt_cb
(
decrypt_state
,
x
,
clear_buffer
,
frames
*
mag
);
x
=
clear_buffer
;
}
if
(
data_sz
>=
index_sz
)
{
uint8_t
marker2
=
read_marker
(
decrypt_cb
,
decrypt_state
,
data
+
data_sz
-
index_sz
);
if
(
marker
==
marker2
)
{
// Found a valid superframe index.
uint32_t
i
,
j
;
const
uint8_t
*
x
=
&
data
[
data_sz
-
index_sz
+
1
];
// Frames has a maximum of 8 and mag has a maximum of 4.
uint8_t
clear_buffer
[
32
];
assert
(
sizeof
(
clear_buffer
)
>=
frames
*
mag
);
if
(
decrypt_cb
)
{
decrypt_cb
(
decrypt_state
,
x
,
clear_buffer
,
frames
*
mag
);
x
=
clear_buffer
;
}
for
(
i
=
0
;
i
<
frames
;
i
++
)
{
uint32_t
this_sz
=
0
;
for
(
i
=
0
;
i
<
frames
;
++
i
)
{
uint32_t
this_sz
=
0
;
for
(
j
=
0
;
j
<
mag
;
j
++
)
this_sz
|=
(
*
x
++
)
<<
(
j
*
8
);
sizes
[
i
]
=
this_sz
;
}
for
(
j
=
0
;
j
<
mag
;
++
j
)
this_sz
|=
(
*
x
++
)
<<
(
j
*
8
);
sizes
[
i
]
=
this_sz
;
}
*
count
=
frames
;
*
count
=
frames
;
}
}
}
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment