Overflow was happening in two places:
one in set_encoder_config(), where the input
layer_target_bitrates are converted from kbps to bps,
the other in vp9_calc_pframe_target_size_one_pass_vbr(),
where target is scaled by kf_ratio.
vp9_ratectrl.c:2039: runtime error: signed integer overflow:
-
137438983 * 25 cannot be represented in type 'int'
Bug: chromium:1475943
Change-Id: I1ab0980862548c8827fae461df9a7a74425209ff
int vp9_calc_iframe_target_size_one_pass_vbr(const VP9_COMP *cpi) {
static const int kf_ratio = 25;
const RATE_CONTROL *rc = &cpi->rc;
- const int target = rc->avg_frame_bandwidth * kf_ratio;
+ int target = rc->avg_frame_bandwidth;
+ if (target > INT_MAX / kf_ratio)
+ target = INT_MAX;
+ else
+ target = rc->avg_frame_bandwidth * kf_ratio;
return vp9_rc_clamp_iframe_target_size(cpi, target);
}
for (sl = 0; sl < oxcf->ss_number_layers; ++sl) {
for (tl = 0; tl < oxcf->ts_number_layers; ++tl) {
- oxcf->layer_target_bitrate[sl * oxcf->ts_number_layers + tl] =
- 1000 * cfg->layer_target_bitrate[sl * oxcf->ts_number_layers + tl];
+ const int layer = sl * oxcf->ts_number_layers + tl;
+ if (cfg->layer_target_bitrate[layer] > INT_MAX / 1000)
+ oxcf->layer_target_bitrate[layer] = INT_MAX;
+ else
+ oxcf->layer_target_bitrate[layer] =
+ 1000 * cfg->layer_target_bitrate[layer];
}
}
if (oxcf->ss_number_layers == 1 && oxcf->pass != 0) {