1. 05 Feb, 2015 1 commit
    • vp9: fix segfault w/corrupt data post frame-parallel merge · 0261fb4c
      James Zern authored
      cm->frame_bufs[].idx values were made consistent in:
      61c5e94e Use -1 consistently as invalid buffer idx
      update the initialization in swap_frame_buffers() to match.
      additionally:
        - remove some shadowed variables in the former and marked them volatile
      
      Change-Id: Ie3f9636c405bd822112bb56bd22d28024ae98909
  2. 08 Dec, 2014 1 commit
  3. 06 Nov, 2014 1 commit
    • Modify the frame context memory deallocation · 12284334
      Yunqing Wang authored
      This patch was to fix the vpxdec fuzzing3 test failure. When an
      error occurs, setjmp() is invoked, which calls the decoder
      removing routine. In a multiple thread situation, other threads
      could try to access the frame context memory that is already
      deallocated, thus causing a segfault.
      
      An invalid unit test was added for this issue.
      
      Change-Id: Ida7442154f3d89759483f0f4fe0324041fffb952
  4. 10 Sep, 2014 1 commit
  5. 08 Sep, 2014 1 commit
  6. 05 Sep, 2014 2 commits
    • vp9: correct context buffer resize check · bb4950df
      James Zern authored
      allocations within vp9_alloc_context_buffers() rely on mi_rows/mi_cols
      individually, use those to determine whether to realloc rather than
      stride and stride * rows. this fixes a crash with some fuzzed files for
      invalid accesses into last_frame_seg_map and above_context.
      
      Change-Id: I7b9f40dcf170d443890f3bd2acd285507943c7d4
    • vp9: fail decode if block/frame refs are corrupt · 440f5097
      James Zern authored
      proceeding using a corrupt (incompletely decoded) frame reference may
      lead to incorrect assumptions about allocation sizes leading to a crash.
      
      Change-Id: I76e74f2e1be127c2e2c7e1174bb3307497dfd23d
  7. 29 Aug, 2014 1 commit
    • vp9: fix m/t loop filter invalid free · fec40f92
      James Zern authored
      store the number of allocated rows in VP9LfSync, the calculated values
      cannot be relied on when dealing with corrupt material.
      
      Change-Id: I13b8bcec9738c299a71df726772ab7ac05511e5b
  8. 27 Aug, 2014 2 commits
    • vp9: fix crash in inline loopfilter w/corrupt file · cde790c3
      James Zern authored
      attempting to decode a frame after the previous frame failed has the
      potential of interrupting an earlier loop filter task
      
      Change-Id: I6f2b1ddcdf5b89c3e2ee8caf5289dada2a087d66
    • vp9: fix crash in mt loopfilter w/corrupt file · 4f27202d
      James Zern authored
      if the first frame was corrupt and loop filter not called, the next call
      would assume the necessary allocations had been done and segfault when
      accessing a NULL pointer
      
      Change-Id: Ib6ef505e5c594e6f0fe65ab0700172bcf06b92a6
  9. 23 Aug, 2014 1 commit
  10. 22 Aug, 2014 2 commits
  11. 18 Jul, 2014 1 commit
  12. 15 Jul, 2014 1 commit
    • invalid_file_test: add an operator<< for DecodeParam · c1259aa3
      James Zern authored
      Improves the --gtest_list_tests output and avoids a valgrind warning in
      gtest's testing::internal2::PrintBytesInObjectTo() due to padding in the
      structure.
      
      old:
      VP9/InvalidFileTest.
        ReturnCode/0  # GetParam() = (0x9d5308, 16-byte object <01-00 00-00 00-00 00-00 37-02 73-00 00-00 00-00>)
      
      new:
      VP9/InvalidFileTest.
        ReturnCode/0  # GetParam() = (0x9d5308, threads: 1 file: invalid-vp90-01-v2.webm)
      
      Change-Id: Ifb9c66fba2e72272bd591a3f6273aeb6bda6af4a
  13. 12 Jul, 2014 1 commit
    • invalid_file_test: convert test param from tuple to struct · 44eb577c
      James Zern authored
      fixes visual studio 9 + apple clang builds where the template type is
      interpreted as char[] rather than const char*:
      
      ::f1_' : cannot specify explicit initializer for arrays
      error: array initializer must be an initializer list or string literal
      
      Change-Id: I27286ce341b2f7a09b6202caffd6b72f64fd2234
  14. 11 Jul, 2014 1 commit
  15. 02 Jul, 2014 1 commit
  16. 01 Jul, 2014 1 commit
  17. 27 Jun, 2014 1 commit
    • Better validation of invalid files · 9f37d149
      Jim Bankoski authored
      This patch checks that a decoder never tries to reference a frame that's
      outside the range of 2x to 1/16th the size of this frame. Any attempt
      to do so causes a failure.
      
      Change-Id: I5c98fa7bb95ac4f29146f29dd92b62fe96164e4c
  18. 25 Jun, 2014 1 commit
    • vp9: check tile column count · b2b07755
      James Zern authored
      the max is 6. there are assumptions throughout the decode regarding
      this; fixes a crash with a fuzzed bitstream
      
      $ zzuf -s 5861 -r 0.01:0.05 -b 6- \
        < vp90-2-00-quantizer-00.webm.ivf \
        | dd of=invalid-vp90-2-00-quantizer-00.webm.ivf.s5861_r01-05_b6-.ivf \
          bs=1 count=81883
      
      Change-Id: I6af41bb34252e88bc156a4c27c80d505d45f5642
  19. 23 Jun, 2014 1 commit
    • error check vp9 superframe parsing · c3db2d8b
      Jim Bankoski authored
      This patch ensures that the last byte of a chunk that contains a
      valid superframe marker byte actually has a proper superframe index.
      If not, it returns an error.
      
      As part of doing that, the file vp90-2-15-fuzz-flicker.webm now fails
      to decode properly and moves to the invalid file test from the test
      vector suite.
      
      Change-Id: I5f1da7eb37282ec0c6394df5c73251a2df9c1744
  20. 20 Jun, 2014 2 commits