From 4f27202df70ab870b3af3140b312df6cb55db728 Mon Sep 17 00:00:00 2001 From: James Zern Date: Wed, 27 Aug 2014 12:36:23 -0700 Subject: [PATCH] vp9: fix crash in mt loopfilter w/corrupt file if the first frame was corrupt and loop filter not called, the next call would assume the necessary allocations had been done and segfault when accessing a NULL pointer Change-Id: Ib6ef505e5c594e6f0fe65ab0700172bcf06b92a6 --- test/invalid_file_test.cc | 2 ++ test/test-data.sha1 | 2 ++ test/test.mk | 2 ++ vp9/decoder/vp9_dthread.c | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/test/invalid_file_test.cc b/test/invalid_file_test.cc index 34d623696..fd55d91f2 100644 --- a/test/invalid_file_test.cc +++ b/test/invalid_file_test.cc @@ -144,6 +144,8 @@ VP9_INSTANTIATE_TEST_CASE(InvalidFileInvalidPeekTest, const DecodeParam kMultiThreadedVP9InvalidFileTests[] = { {4, "invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm"}, + {4, "invalid-" + "vp90-2-08-tile_1x2_frame_parallel.webm.ivf.s47039_r01-05_b6-.ivf"}, }; INSTANTIATE_TEST_CASE_P( diff --git a/test/test-data.sha1 b/test/test-data.sha1 index ee6289f1e..b00aa8edd 100644 --- a/test/test-data.sha1 +++ b/test/test-data.sha1 @@ -681,3 +681,5 @@ e7d315dbf4f3928779e0dc624311196d44491d32 niklas_1280_720_30.yuv c77e4a26616add298a05dd5d12397be22c0e40c5 vp90-2-18-resize.ivf c12918cf0a716417fba2de35c3fc5ab90e52dfce vp90-2-18-resize.ivf.md5 717da707afcaa1f692ff1946f291054eb75a4f06 screendata.y4m +b7c1296630cdf1a7ef493d15ff4f9eb2999202f6 invalid-vp90-2-08-tile_1x2_frame_parallel.webm.ivf.s47039_r01-05_b6-.ivf +0a3884edb3fd8f9d9b500223e650f7de257b67d8 invalid-vp90-2-08-tile_1x2_frame_parallel.webm.ivf.s47039_r01-05_b6-.ivf.res diff --git a/test/test.mk b/test/test.mk index 0814c2b66..7fe39304e 100644 --- a/test/test.mk +++ b/test/test.mk @@ -801,6 +801,8 @@ LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-11.webm.iv LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-.ivf.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-z.ivf LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-00-quantizer-11.webm.ivf.s52984_r01-05_b6-z.ivf.res +LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-08-tile_1x2_frame_parallel.webm.ivf.s47039_r01-05_b6-.ivf +LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-08-tile_1x2_frame_parallel.webm.ivf.s47039_r01-05_b6-.ivf.res LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm LIBVPX_TEST_DATA-$(CONFIG_VP9_DECODER) += invalid-vp90-2-08-tile_1x4_frame_parallel_all_key.webm.res diff --git a/vp9/decoder/vp9_dthread.c b/vp9/decoder/vp9_dthread.c index 5dda49a0f..cf5cc8cf8 100644 --- a/vp9/decoder/vp9_dthread.c +++ b/vp9/decoder/vp9_dthread.c @@ -147,7 +147,7 @@ void vp9_loop_filter_frame_mt(YV12_BUFFER_CONFIG *frame, // Allocate memory used in thread synchronization. // This always needs to be done even if frame_filter_level is 0. - if (!cm->current_video_frame || cm->last_height != cm->height) { + if (!lf_sync->sync_range || cm->last_height != cm->height) { if (cm->last_height != cm->height) { const int aligned_last_height = ALIGN_POWER_OF_TWO(cm->last_height, MI_SIZE_LOG2);