diff options
| author | Alex Converse <aconverse@google.com> | 2015-01-28 11:22:36 -0800 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@gerrit.golo.chromium.org> | 2015-01-28 11:22:36 -0800 |
| commit | c29c61340002d61b4a3539c5a7ffd73e9067a25a (patch) | |
| tree | 02e6cb46313e15c9c5e57e65c0dc76ece480ee87 | |
| parent | d1e6b8231af3c8febc56e447e5ff6fdcf2bbfa11 (diff) | |
| parent | 581731a95f74d83d4fe3cc466ce502ffb4326e8e (diff) | |
| download | libvpx-c29c61340002d61b4a3539c5a7ffd73e9067a25a.tar libvpx-c29c61340002d61b4a3539c5a7ffd73e9067a25a.tar.gz libvpx-c29c61340002d61b4a3539c5a7ffd73e9067a25a.tar.bz2 libvpx-c29c61340002d61b4a3539c5a7ffd73e9067a25a.zip | |
Merge "vp8enc: Prevent out of bounds memory access."
| -rw-r--r-- | vp8/encoder/onyx_if.c | 8 | ||||
| -rw-r--r-- | vp8/encoder/onyx_int.h | 3 | ||||
| -rw-r--r-- | vp8/vp8_cx_iface.c | 11 |
3 files changed, 19 insertions, 3 deletions
diff --git a/vp8/encoder/onyx_if.c b/vp8/encoder/onyx_if.c index 41b30663a..258fa114f 100644 --- a/vp8/encoder/onyx_if.c +++ b/vp8/encoder/onyx_if.c @@ -1760,8 +1760,16 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) reset_temporal_layer_change(cpi, oxcf, prev_number_of_layers); } + if (!cpi->initial_width) + { + cpi->initial_width = cpi->oxcf.Width; + cpi->initial_height = cpi->oxcf.Height; + } + cm->Width = cpi->oxcf.Width; cm->Height = cpi->oxcf.Height; + assert(cm->Width <= cpi->initial_width); + assert(cm->Height <= cpi->initial_height); /* TODO(jkoleszar): if an internal spatial resampling is active, * and we downsize the input image, maybe we should clear the diff --git a/vp8/encoder/onyx_int.h b/vp8/encoder/onyx_int.h index b1a749c1d..82d745390 100644 --- a/vp8/encoder/onyx_int.h +++ b/vp8/encoder/onyx_int.h @@ -665,6 +665,9 @@ typedef struct VP8_COMP int droppable; + int initial_width; + int initial_height; + #if CONFIG_TEMPORAL_DENOISING VP8_DENOISER denoiser; #endif diff --git a/vp8/vp8_cx_iface.c b/vp8/vp8_cx_iface.c index f81f07821..96b4cb5f2 100644 --- a/vp8/vp8_cx_iface.c +++ b/vp8/vp8_cx_iface.c @@ -447,9 +447,14 @@ static vpx_codec_err_t vp8e_set_config(vpx_codec_alg_priv_t *ctx, { vpx_codec_err_t res; - if (((cfg->g_w != ctx->cfg.g_w) || (cfg->g_h != ctx->cfg.g_h)) - && (cfg->g_lag_in_frames > 1 || cfg->g_pass != VPX_RC_ONE_PASS)) - ERROR("Cannot change width or height after initialization"); + if (cfg->g_w != ctx->cfg.g_w || cfg->g_h != ctx->cfg.g_h) + { + if (cfg->g_lag_in_frames > 1 || cfg->g_pass != VPX_RC_ONE_PASS) + ERROR("Cannot change width or height after initialization"); + if ((ctx->cpi->initial_width && (int)cfg->g_w > ctx->cpi->initial_width) || + (ctx->cpi->initial_height && (int)cfg->g_h > ctx->cpi->initial_height)) + ERROR("Cannot increast width or height larger than their initial values"); + } /* Prevent increasing lag_in_frames. This check is stricter than it needs * to be -- the limit is not increasing past the first lag_in_frames |