vp10: disallow coding zero-sized tiles-in-frame/frames-in-superframe.

author Ronald S. Bultje <rsbultje@gmail.com>

Tue, 20 Oct 2015 16:13:03 +0000 (12:13 -0400)

committer Ronald S. Bultje <rsbultje@gmail.com>

Tue, 20 Oct 2015 18:48:31 +0000 (14:48 -0400)
author Ronald S. Bultje <rsbultje@gmail.com>
Tue, 20 Oct 2015 16:13:03 +0000 (12:13 -0400)
committer Ronald S. Bultje <rsbultje@gmail.com>
Tue, 20 Oct 2015 18:48:31 +0000 (14:48 -0400)
diff --git a/vp10/decoder/decodeframe.c b/vp10/decoder/decodeframe.c

index c3ab3d2..fa28e7c 100644 (file)
--- a/vp10/decoder/decodeframe.c
+++ b/vp10/decoder/decodeframe.c
@@ -1448,9 +1448,9 @@ static void get_tile_buffer(const uint8_t *const data_end,
      if (decrypt_cb) {
        uint8_t be_data[4];
        decrypt_cb(decrypt_state, *data, be_data, tile_sz_mag + 1);
-      size = mem_get_varsize(be_data, tile_sz_mag);
+      size = mem_get_varsize(be_data, tile_sz_mag) + CONFIG_MISC_FIXES;
      } else {
-      size = mem_get_varsize(*data, tile_sz_mag);
+      size = mem_get_varsize(*data, tile_sz_mag) + CONFIG_MISC_FIXES;
      }
      *data += tile_sz_mag + 1;
  
diff --git a/vp10/decoder/decoder.c b/vp10/decoder/decoder.c

index 03a81f5..d8864d2 100644 (file)
--- a/vp10/decoder/decoder.c
+++ b/vp10/decoder/decoder.c
@@ -506,6 +506,7 @@ vpx_codec_err_t vp10_parse_superframe_index(const uint8_t *data,
  
          for (j = 0; j < mag; ++j)
            this_sz |= (*x++) << (j * 8);
+        this_sz += CONFIG_MISC_FIXES;
          sizes[i] = this_sz;
  #if CONFIG_MISC_FIXES
          frame_sz_sum += this_sz;
diff --git a/vp10/encoder/bitstream.c b/vp10/encoder/bitstream.c

index adc05cc..2c986fd 100644 (file)
--- a/vp10/encoder/bitstream.c
+++ b/vp10/encoder/bitstream.c
@@ -1117,9 +1117,13 @@ static size_t encode_tiles(VP10_COMP *cpi, uint8_t *data_ptr,
        assert(tok == tok_end);
        vpx_stop_encode(&residual_bc);
        if (tile_col < tile_cols - 1 || tile_row < tile_rows - 1) {
+        unsigned int tile_sz;
+
          // size of this tile
-        mem_put_le32(data_ptr + total_size, residual_bc.pos);
-        max_tile = max_tile > residual_bc.pos ? max_tile : residual_bc.pos;
+        assert(residual_bc.pos > 0);
+        tile_sz = residual_bc.pos - CONFIG_MISC_FIXES;
+        mem_put_le32(data_ptr + total_size, tile_sz);
+        max_tile = max_tile > tile_sz ? max_tile : tile_sz;
          total_size += 4;
        }
  
diff --git a/vp10/vp10_cx_iface.c b/vp10/vp10_cx_iface.c

index 6227708..21c9c03 100644 (file)
--- a/vp10/vp10_cx_iface.c
+++ b/vp10/vp10_cx_iface.c
@@ -795,7 +795,7 @@ static int write_superframe_index(vpx_codec_alg_priv_t *ctx) {
    marker |= ctx->pending_frame_count - 1;
  #if CONFIG_MISC_FIXES
    for (i = 0; i < ctx->pending_frame_count - 1; i++) {
-    const size_t frame_sz = (unsigned int) ctx->pending_frame_sizes[i];
+    const size_t frame_sz = (unsigned int) ctx->pending_frame_sizes[i] - 1;
      max_frame_sz = frame_sz > max_frame_sz ? frame_sz : max_frame_sz;
    }
  #endif
@@ -836,8 +836,10 @@ static int write_superframe_index(vpx_codec_alg_priv_t *ctx) {
  
      *x++ = marker;
      for (i = 0; i < ctx->pending_frame_count - CONFIG_MISC_FIXES; i++) {
-      unsigned int this_sz = (unsigned int)ctx->pending_frame_sizes[i];
+      unsigned int this_sz;
  
+      assert(ctx->pending_frame_sizes[i] > 0);
+      this_sz = (unsigned int)ctx->pending_frame_sizes[i] - CONFIG_MISC_FIXES;
        for (j = 0; j <= mag; j++) {
          *x++ = this_sz & 0xff;
          this_sz >>= 8;
author	Ronald S. Bultje <rsbultje@gmail.com>
	Tue, 20 Oct 2015 16:13:03 +0000 (12:13 -0400)
committer	Ronald S. Bultje <rsbultje@gmail.com>
	Tue, 20 Oct 2015 18:48:31 +0000 (14:48 -0400)
vp10/decoder/decodeframe.c		patch \| blob \| history
vp10/decoder/decoder.c		patch \| blob \| history
vp10/encoder/bitstream.c		patch \| blob \| history
vp10/vp10_cx_iface.c		patch \| blob \| history