This commit adds a check before reading into RefBuffer to prevent OOB
read.
BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=612023
(cherry picked from commit 4f0e4d6cef827bc452848e126a6bedc47424da88)
Change-Id: I4f0732d4ca92f79b57103bffcff15499073e79a4
This commit change to promote uint8_t explicitly to uint32_t before
left shift operation.
BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=612021
Change-Id: Id7059154efb5bdfa45889dabe72aaafd46d79f23
(cherry picked from commit 2240d83d7882ce2d5d0826b9ce33b86321d7a724)
Change-Id: I392d25c38353f071cf0e8ab242d32098a7d68ecb
decoder_peek_si_internal could potentially read more bytes than
what actually exists in the input buffer. We check for the buffer
size to be at least 8, but we try to read up to 10 bytes in the
worst case. A well crafted file could thus cause a segfault.
Likely change that introduced this bug was:
https://chromium-review.googlesource.com/#/c/70439 (git hash:
7c43fb6)
BUG=chromium:621095
(cherry picked from commit aa1c813c43c6b2e43036d5573f361924195d65b7)
Change-Id: Id74880cfdded44caaa45bbdbaac859c09d3db752
This commit adds check to validate RefBuffer before reading into the
data structure, to prevent invalid read.
BUG=https://bugs.chromium.org/p/chromium/issues/detail?id=614701
(cherry picked from commit 75b6cfe1c50e749a0edb5460a491ca5ac947aff5)
Change-Id: Ie111e95bd18e88fa19d8b25e097cdf52b7139cb6
block_variance: This operates on 8x8s and would be safe with a int32 *
int32 to uint32 multiply, but this is potentially unsafe for 12-bit
input. Unfortunately the code already segfaults on 12-bit input:
https://bugs.chromium.org/p/webm/issues/detail?id=1223
calculate_variance: This operates on up to a 32x32 of 8x8s and can
overflow even with 8-bit input (log2((256*32*32)**2) == 36).
BUG=https://bugs.chromium.org/p/webm/issues/detail?id=1220
Change-Id: I1ca4ff6092db9a7580da371ee9a21f403fdadc40
Reduce factor for setting base-qp for active_best_quality (for inter-frames).
Small increase in metrics on yt live set.
Change-Id: I9cf0ac797783aeddbfaf1ff510696c9035d7c5ee
* changes:
vp9_frame_scale_ssse3.c: make 2 functions static
vp9_pickmode.c: make function static
vp9_noise_estimate.c: make function static
vp9_aq_360.c: add missing include
vp9_idct_intrin_sse2: add missing vp9_rtcd.h include
vpx_dsp/*.[hc]: add missing vpx_dsp_rtcd.h include
Makes the delta-qp stop little earlier on areas that have been refreshed enough.
This helps to reduce some pulsing artifact on noisy flat areas observed in some
noisy vc-clips.
Threshold changes only take effect for sources where noise level is estimated to
be >= medium level.
Only affects 1 pass CBR, non-screen content case.
Change-Id: Iacf557f6aa8abbcd6782c02ff2e6c14891960850
For 1 pass vbr mode:
Refactor to move the logic for gf setting based on up-coming
key frames to a separate function, so same logic can be used for
scene-cuts/changes.
Change-Id: Ic4ede308e08ba869bb62e4566e19ea31222c5229
Makes the noise estimation react little faster.
Little/no change in metrics.
Change only affects 1 pass cbr.
Change-Id: I13f0daa90ecbf9d49eb1cf2e48febd9d92292940
"qc" in vp{9,10}_token_state is used to save quantized coefficients, this
commit changes the type from short to tran_low_t to properly reflect
the value range for highbitdepth build.
This fixes an out-of-range bug when optimize_b is used in highbitdepth
build.
Change-Id: Ibf330879e6ac6ae8f099e085caa9d3d9a889fde8
This is an actual overflow where the result of the calculation is
materially changed, not just a negative value that is stored in an
unsigned.
Caught with fsanitize=integer on the VP9/AqSegmentTest.TestNoMisMatchAQ2/1 test.
Change-Id: I514b0ef4ae7ad50e3e08c0079aa204d59fa679aa
Move skin superblock force split out of this function as well
as some minor code refactors. Checked bitexact for different speed
settings and different resolutions.
Change-Id: I6078cbe88dd9ce6c0b69470a8a0a8f8d2274161b
First, we only set use_4x4_partition for key frame where we don't
denoise; second, envision we have small partitions, we should pass the
actual block size to denoiser and make an early termination if needed.
Change-Id: I331f42046d792b17360723d17ff817d601394658
Wrap around behavior is enforced manually and we use the values in
arithmetic involving negative integers.
Change-Id: I199706b6f3af91f4fb6fe2ef302fbbc6d0cf5785
Block size passed into denoiser filter is always >= BLOCK_8X8 (in
vp9_pick_inter_mode), it is not necessary to check smaller block
size. Passed the bitexact test on clips with different resolutions and
noise levels.
Change-Id: I19fa3195d18c27d9e5de60dc11cff1522ef3714e
Fix will reset the consec_zero_mv map on non-skipped blocks with non-zero mv.
Adjust thresholds on consec_zero_mv in noise estimation and skin detection,
as more possible reset on map means lower thresholds should be used.
Change-Id: Ibe8520057472b3609585260b51b6f95a38fb777d
In VP9 internal denoiser, motion magnitude is computed from
best_sse_mv, which should be set to 0 at the begining. This bug may
cause visual aritifact in denoiser. Also, delete two improper comments.
Change-Id: I8710d2acba23320bc85cf72af17d65245c19438b
