diff options
author | Ronald S. Bultje <rsbultje@gmail.com> | 2014-02-08 15:48:19 -0500 |
---|---|---|
committer | Clément Bœsch <u@pkh.me> | 2014-02-08 22:08:20 +0100 |
commit | 0c67864a37a5a6dee19341da6e6cfa369c52d1db (patch) | |
tree | 407b09b7c9bab1bb695ac1c6755c369c46826a40 | |
parent | 0c4bf87b296145e38510655d1a14196493d5c54e (diff) | |
download | ffmpeg-0c67864a37a5a6dee19341da6e6cfa369c52d1db.tar.gz |
vp9: don't allow retaining old segmentation maps after a size change.
Fixes valgrind warnings on fuzzed10.ivf.
-rw-r--r-- | libavcodec/vp9.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c index a075d85ab9..7080658975 100644 --- a/libavcodec/vp9.c +++ b/libavcodec/vp9.c @@ -110,6 +110,7 @@ typedef struct VP9Context { uint8_t keyframe, last_keyframe; uint8_t invisible; uint8_t use_last_frame_mvs; + uint8_t use_last_frame_segmap; uint8_t errorres; uint8_t colorspace; uint8_t fullrange; @@ -278,7 +279,7 @@ static int vp9_alloc_frame(AVCodecContext *ctx, VP9Frame *f) // retain segmentation map if it doesn't update if (s->segmentation.enabled && !s->segmentation.update_map && - !s->keyframe && !s->intraonly) { + s->use_last_frame_segmap) { memcpy(f->segmentation_map, s->frames[LAST_FRAME].segmentation_map, sz); } @@ -625,6 +626,10 @@ static int decode_frame_header(AVCodecContext *ctx, for (i = 0; i < 3; i++) s->prob.segpred[i] = get_bits1(&s->gb) ? get_bits(&s->gb, 8) : 255; + } else { + s->use_last_frame_segmap = !s->keyframe && !s->intraonly && + s->frames[CUR_FRAME].tf.f->width == w && + s->frames[CUR_FRAME].tf.f->height == h; } if (get_bits1(&s->gb)) { @@ -1279,11 +1284,11 @@ static void decode_mode(AVCodecContext *ctx) int h4 = FFMIN(s->rows - row, bwh_tab[1][b->bs][1]), y; int have_a = row > 0, have_l = col > s->tiling.tile_col_start; - if (!s->segmentation.enabled) { + if (!s->segmentation.enabled || + (!s->segmentation.update_map && !s->use_last_frame_segmap)) { b->seg_id = 0; } else if (s->keyframe || s->intraonly) { - b->seg_id = s->segmentation.update_map ? - vp8_rac_get_tree(&s->c, vp9_segmentation_tree, s->prob.seg) : 0; + b->seg_id = vp8_rac_get_tree(&s->c, vp9_segmentation_tree, s->prob.seg); } else if (!s->segmentation.update_map || (s->segmentation.temporal && vp56_rac_get_prob_branchy(&s->c, |