In the process of fixing a ubsan warning:
commit 738b829b8c
Fix incorrect size reading
the inferred check of start < end was removed. This causes fuzzed files
to get a little further and segfault in vp8dx_start_decode.
Change-Id: I316e23058753ba42dbcc46d27eb575f51c8a9e9a
Cherry pick from vp9:
commit 85770264ac
Guard against incorrect size values moving *data past data_end.
Check read length against the difference of the buffers.
Change-Id: I5e8679ddd447c4d73deb80be5ec94841a92c5fcd
Fixes issue on iPad Pro 10.5 (and probably other places) where threads
are not properly synchronized. On x86 this data race was benign as load
and store instructions are atomic, they were being atomic in practice as
the program hasn't been observed to be miscompiled.
Such guarantees are not made outside x86, and real problems manifested
where libvpx reliably reproduced a broken bitstream for even just the
initial keyframe. This was detected in WebRTC where this device started
using multithreading (as its CPU count is higher than earlier devices,
where the problem did not manifest as single-threading was used in
practice).
This issue was not detected under thread-sanitizer bots as mutexes were
conditionally used under this platform to simulate the protected read
and write semantics that were in practice provided on x86 platforms.
This change also removes several mutexes, so encoder/decoder state is
lighter-weight after this change and we do not need to initialize so
many mutexes (this was done even on non-thread-sanitizer platforms where
they were unused).
Change-Id: If41fcb0d99944f7bbc8ec40877cdc34d672ae72a
the check for error correction being disabled was overriding the data
length checks. this avoids returning incorrect information (width /
height) for the decoded frame which could result in inconsistent sizes
returned in to an application causing it to read beyond the bounds of
the frame allocation.
BUG=webm:1443
BUG=b/62458770
Change-Id: I063459674e01b57c0990cb29372e0eb9a1fbf342
1 - stops de allocating before threads are closed.
2 - limits threads to mb_rows when mb_rows < partitions
BUG=webm:851
Change-Id: I7ead53e80cc0f8c2e4c1c53506eff8431de2a37e
Cleans warning in Android build:
comparison of integers of different signs: 'unsigned int' and 'int'
int n = (int)VPXMIN(sizeof(clear_buffer), data_end - data);
^ ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
Change-Id: I964355ceae6b39e22c0196294b25e28387f84945
the quantizer is transmitted as 7-bits + sign so needs to be clamped in
the delta + absolute case.
BUG=https://bugzilla.mozilla.org/show_bug.cgi?id=1224361
Change-Id: I9115f5d1d5cf7e0a1d149d79486d9d17de9b9639
This commit added a check of reference frame to make sure that pre
buffer pointers are initialized only when necessary and make them
to 0 if ref frame is intra, hence those buffer should never be used.
Change-Id: Ieb474fcd9feb759f02e2f9c282b7348a8fa31117
