Commit 440f5097 authored by James Zern's avatar James Zern
Browse files

vp9: fail decode if block/frame refs are corrupt

proceeding using a corrupt (incompletely decoded) frame reference may
lead to incorrect assumptions about allocation sizes leading to a crash.

Change-Id: I76e74f2e1be127c2e2c7e1174bb3307497dfd23d
parent 3de038f3
...@@ -113,9 +113,10 @@ TEST_P(InvalidFileTest, ReturnCode) { ...@@ -113,9 +113,10 @@ TEST_P(InvalidFileTest, ReturnCode) {
const DecodeParam kVP9InvalidFileTests[] = { const DecodeParam kVP9InvalidFileTests[] = {
{1, "invalid-vp90-02-v2.webm"}, {1, "invalid-vp90-02-v2.webm"},
{1, "invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.v2.ivf"}, {1, "invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.v2.ivf"},
{1, "invalid-vp90-03-v2.webm"}, {1, "invalid-vp90-03-v3.webm"},
{1, "invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-.ivf"}, {1, "invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-.ivf"},
{1, "invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-z.ivf"}, {1, "invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-z.ivf"},
{1, "invalid-vp90-2-12-droppable_1.ivf.s3676_r01-05_b6-.ivf"},
}; };
VP9_INSTANTIATE_TEST_CASE(InvalidFileTest, VP9_INSTANTIATE_TEST_CASE(InvalidFileTest,
......
...@@ -10,8 +10,8 @@ fe346136b9b8c1e6f6084cc106485706915795e4 invalid-vp90-01-v2.webm ...@@ -10,8 +10,8 @@ fe346136b9b8c1e6f6084cc106485706915795e4 invalid-vp90-01-v2.webm
25751f5d3b05ff03f0719ad42cd625348eb8961e invalid-vp90-01-v2.webm.res 25751f5d3b05ff03f0719ad42cd625348eb8961e invalid-vp90-01-v2.webm.res
d78e2fceba5ac942246503ec8366f879c4775ca5 invalid-vp90-02-v2.webm d78e2fceba5ac942246503ec8366f879c4775ca5 invalid-vp90-02-v2.webm
8e2eff4af87d2b561cce2365713269e301457ef3 invalid-vp90-02-v2.webm.res 8e2eff4af87d2b561cce2365713269e301457ef3 invalid-vp90-02-v2.webm.res
df1a1453feb3c00d7d89746c7003b4163523bff3 invalid-vp90-03-v2.webm df1a1453feb3c00d7d89746c7003b4163523bff3 invalid-vp90-03-v3.webm
25dd58c22d23f75304d7ce7f69f4e5b02ef9119a invalid-vp90-03-v2.webm.res 4935c62becc68c13642a03db1e6d3e2331c1c612 invalid-vp90-03-v3.webm.res
d637297561dd904eb2c97a9015deeb31c4a1e8d2 invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm d637297561dd904eb2c97a9015deeb31c4a1e8d2 invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm
3a204bdbeaa3c6458b77bcebb8366d107267f55d invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm.res 3a204bdbeaa3c6458b77bcebb8366d107267f55d invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm.res
a432f96ff0a787268e2f94a8092ab161a18d1b06 park_joy_90p_10_420.y4m a432f96ff0a787268e2f94a8092ab161a18d1b06 park_joy_90p_10_420.y4m
...@@ -691,3 +691,5 @@ d3ea592c8d7b05d14c7ed48befc0a3aaf7709b7a invalid-vp90-2-09-subpixel-00.ivf.s195 ...@@ -691,3 +691,5 @@ d3ea592c8d7b05d14c7ed48befc0a3aaf7709b7a invalid-vp90-2-09-subpixel-00.ivf.s195
368dccdde5288c13c25695d2eacdc7402cadf613 vp90-2-19-skip.webm.md5 368dccdde5288c13c25695d2eacdc7402cadf613 vp90-2-19-skip.webm.md5
ffe460282df2b0e7d4603c2158653ad96f574b02 vp90-2-19-skip-01.webm ffe460282df2b0e7d4603c2158653ad96f574b02 vp90-2-19-skip-01.webm
bd21bc9eda4a4a36b221d71ede3a139fc3c7bd85 vp90-2-19-skip-01.webm.md5 bd21bc9eda4a4a36b221d71ede3a139fc3c7bd85 vp90-2-19-skip-01.webm.md5
b03c408cf23158638da18dbc3323b99a1635c68a invalid-vp90-2-12-droppable_1.ivf.s3676_r01-05_b6-.ivf
0a3884edb3fd8f9d9b500223e650f7de257b67d8 invalid-vp90-2-12-droppable_1.ivf.s3676_r01-05_b6-.ivf.res
...@@ -797,8 +797,8 @@ LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-01-v2.webm ...@@ -797,8 +797,8 @@ LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-01-v2.webm
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-01-v2.webm.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-01-v2.webm.res
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-02-v2.webm LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-02-v2.webm
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-02-v2.webm.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-02-v2.webm.res
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-03-v2.webm LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-03-v3.webm
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-03-v2.webm.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-03-v3.webm.res
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.v2.ivf LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.v2.ivf
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.v2.ivf.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.v2.ivf.res
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-.ivf LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-.ivf
...@@ -813,6 +813,8 @@ LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-aq2.webm.ivf.s3984_r ...@@ -813,6 +813,8 @@ LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-aq2.webm.ivf.s3984_r
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-aq2.webm.ivf.s3984_r01-05_b6-.ivf.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-aq2.webm.ivf.s3984_r01-05_b6-.ivf.res
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-subpixel-00.ivf.s19552_r01-05_b6-.ivf LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-subpixel-00.ivf.s19552_r01-05_b6-.ivf
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-subpixel-00.ivf.s19552_r01-05_b6-.ivf.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-09-subpixel-00.ivf.s19552_r01-05_b6-.ivf.res
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-12-droppable_1.ivf.s3676_r01-05_b6-.ivf
LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-12-droppable_1.ivf.s3676_r01-05_b6-.ivf.res
ifeq ($(CONFIG_DECODE_PERF_TESTS),yes) ifeq ($(CONFIG_DECODE_PERF_TESTS),yes)
# BBB VP9 streams # BBB VP9 streams
......
...@@ -330,6 +330,9 @@ static void set_ref(VP9_COMMON *const cm, MACROBLOCKD *const xd, ...@@ -330,6 +330,9 @@ static void set_ref(VP9_COMMON *const cm, MACROBLOCKD *const xd,
if (!vp9_is_valid_scale(&ref_buffer->sf)) if (!vp9_is_valid_scale(&ref_buffer->sf))
vpx_internal_error(&cm->error, VPX_CODEC_UNSUP_BITSTREAM, vpx_internal_error(&cm->error, VPX_CODEC_UNSUP_BITSTREAM,
"Invalid scale factors"); "Invalid scale factors");
if (ref_buffer->buf->corrupted)
vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
"Block reference is corrupt");
vp9_setup_pre_planes(xd, idx, ref_buffer->buf, mi_row, mi_col, vp9_setup_pre_planes(xd, idx, ref_buffer->buf, mi_row, mi_col,
&ref_buffer->sf); &ref_buffer->sf);
xd->corrupted |= ref_buffer->buf->corrupted; xd->corrupted |= ref_buffer->buf->corrupted;
...@@ -675,6 +678,10 @@ static void setup_frame_size_with_refs(VP9_COMMON *cm, ...@@ -675,6 +678,10 @@ static void setup_frame_size_with_refs(VP9_COMMON *cm,
YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf; YV12_BUFFER_CONFIG *const buf = cm->frame_refs[i].buf;
width = buf->y_crop_width; width = buf->y_crop_width;
height = buf->y_crop_height; height = buf->y_crop_height;
if (buf->corrupted) {
vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
"Frame reference is corrupt");
}
found = 1; found = 1;
break; break;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment