This commit adds a check before reading into RefBuffer to prevent OOB
read.
BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=612023
(cherry picked from commit 4f0e4d6cef827bc452848e126a6bedc47424da88)
Change-Id: I4f0732d4ca92f79b57103bffcff15499073e79a4
This commit change to promote uint8_t explicitly to uint32_t before
left shift operation.
BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=612021
Change-Id: Id7059154efb5bdfa45889dabe72aaafd46d79f23
(cherry picked from commit 2240d83d7882ce2d5d0826b9ce33b86321d7a724)
Change-Id: I392d25c38353f071cf0e8ab242d32098a7d68ecb
decoder_peek_si_internal could potentially read more bytes than
what actually exists in the input buffer. We check for the buffer
size to be at least 8, but we try to read up to 10 bytes in the
worst case. A well crafted file could thus cause a segfault.
Likely change that introduced this bug was:
https://chromium-review.googlesource.com/#/c/70439 (git hash:
7c43fb6)
BUG=chromium:621095
(cherry picked from commit aa1c813c43c6b2e43036d5573f361924195d65b7)
Change-Id: Id74880cfdded44caaa45bbdbaac859c09d3db752
This commit adds check to validate RefBuffer before reading into the
data structure, to prevent invalid read.
BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=614701
(cherry picked from commit 75b6cfe1c50e749a0edb5460a491ca5ac947aff5)
Change-Id: Ie111e95bd18e88fa19d8b25e097cdf52b7139cb6
For at least some of the implementations of sdx8f, such as
vpx_sad4x4x8_sse4_1, aligned moves are used to move the results into the
array.
Change-Id: I83df5a8e657b44e906d0d8b0bc154f1e5660f7f9
block_variance: This operates on 8x8s and would be safe with a int32 *
int32 to uint32 multiply, but this is potentially unsafe for 12-bit
input. Unfortunately the code already segfaults on 12-bit input:
https://bugs.chromium.org/p/webm/issues/detail?id=1223
calculate_variance: This operates on up to a 32x32 of 8x8s and can
overflow even with 8-bit input (log2((256*32*32)**2) == 36).
BUG=https://bugs.chromium.org/p/webm/issues/detail?id=1220
Change-Id: I1ca4ff6092db9a7580da371ee9a21f403fdadc40
Reduce factor for setting base-qp for active_best_quality (for inter-frames).
Small increase in metrics on yt live set.
Change-Id: I9cf0ac797783aeddbfaf1ff510696c9035d7c5ee
This change makes the c match the assembly and removes the todo's
associated with getting this to work.
Change-Id: Ie32e9ebb584a9d60399662d8bcb71b74fbd19d1e
These implementations rely on casting the pointers to load the data.
Clang implemented optimizations which automatically add alignment hints
to such loads. The 4x4 filters do not guarantee the necessary alignment
so the resulting assembly is broken.
https://llvm.org/bugs/show_bug.cgi?id=24421
BUG=webm:817
BUG=webm:892
Change-Id: I608885299f1f86ff83653b65e0e40d0ae87fb3fe
* changes:
vp9_frame_scale_ssse3.c: make 2 functions static
vp9_pickmode.c: make function static
vp9_noise_estimate.c: make function static
vp9_aq_360.c: add missing include
vp9_idct_intrin_sse2: add missing vp9_rtcd.h include
vpx_dsp/*.[hc]: add missing vpx_dsp_rtcd.h include
Makes the delta-qp stop little earlier on areas that have been refreshed enough.
This helps to reduce some pulsing artifact on noisy flat areas observed in some
noisy vc-clips.
Threshold changes only take effect for sources where noise level is estimated to
be >= medium level.
Only affects 1 pass CBR, non-screen content case.
Change-Id: Iacf557f6aa8abbcd6782c02ff2e6c14891960850
For 1 pass vbr mode:
Refactor to move the logic for gf setting based on up-coming
key frames to a separate function, so same logic can be used for
scene-cuts/changes.
Change-Id: Ic4ede308e08ba869bb62e4566e19ea31222c5229
