diff -uNrp libvpx-v1.3.0.orig/build/make/configure.sh libvpx-v1.3.0/build/make/configure.sh
--- libvpx-v1.3.0.orig/build/make/configure.sh 2014-01-10 15:12:40.000000000 -0500
+++ libvpx-v1.3.0/build/make/configure.sh 2015-06-13 19:54:28.135278816 -0400
@@ -471,6 +471,7 @@ EOF
print_config_h ARCH "${TMP_H}" ${ARCH_LIST}
print_config_h HAVE "${TMP_H}" ${HAVE_LIST}
print_config_h CONFIG "${TMP_H}" ${CONFIG_LIST}
+ print_config_vars_h "${TMP_H}" ${VAR_LIST}
echo "#endif /* VPX_CONFIG_H */" >> ${TMP_H}
mkdir -p `dirname "$1"`
cmp "$1" ${TMP_H} >/dev/null 2>&1 || mv ${TMP_H} "$1"
@@ -536,6 +537,15 @@ process_common_cmdline() {
|| die "Must be yasm, nasm or auto: ${optval}"
alt_as="${optval}"
;;
+ --size-limit=*)
+ w="${optval%%x*}"
+ h="${optval##*x}"
+ VAR_LIST="DECODE_WIDTH_LIMIT ${w} DECODE_HEIGHT_LIMIT ${h}"
+ [ ${w} -gt 0 -a ${h} -gt 0 ] || die "Invalid size-limit: too small."
+ [ ${w} -lt 65536 -a ${h} -lt 65536 ] \
+ || die "Invalid size-limit: too big."
+ enable_feature size_limit
+ ;;
--prefix=*)
prefix="${optval}"
;;
@@ -1294,6 +1304,16 @@ print_config_h() {
done
}
+print_config_vars_h() {
+ local header=$1
+ shift
+ while [ $# -gt 0 ]; do
+ upname="`toupper $1`"
+ echo "#define ${upname} $2" >> $header
+ shift 2
+ done
+}
+
print_webm_license() {
local destination=$1
local prefix="$2"
diff -uNrp libvpx-v1.3.0.orig/configure libvpx-v1.3.0/configure
--- libvpx-v1.3.0.orig/configure 2014-01-10 15:12:42.000000000 -0500
+++ libvpx-v1.3.0/configure 2015-06-13 19:57:50.434880696 -0400
@@ -25,6 +25,7 @@ Advanced options:
${toggle_docs} documentation
${toggle_unit_tests} unit tests
--libc=PATH path to alternate libc
+ --size-limit=WxH max size to allow in the decoder
--as={yasm|nasm|auto} use specified assembler [auto, yasm preferred]
--sdk-path=PATH path to root of sdk (android builds only)
${toggle_fast_unaligned} don't use unaligned accesses, even when
@@ -306,6 +307,7 @@ CONFIG_LIST="
temporal_denoising
experimental
decrypt
+ size_limit
${EXPERIMENT_LIST}
"
CMDLINE_SELECT="
@@ -331,6 +333,7 @@ CMDLINE_SELECT="
docs
libc
as
+ size_limit
fast_unaligned
codec_srcs
debug_libs
diff -uNrp libvpx-v1.3.0.orig/test/encode_test_driver.cc libvpx-v1.3.0/test/encode_test_driver.cc
--- libvpx-v1.3.0.orig/test/encode_test_driver.cc 2014-01-10 15:12:40.000000000 -0500
+++ libvpx-v1.3.0/test/encode_test_driver.cc 2015-06-13 19:54:28.135278816 -0400
@@ -177,7 +177,10 @@ void EncoderTest::RunLoop(VideoSource *v
if (decoder && DoDecode()) {
vpx_codec_err_t res_dec = decoder->DecodeFrame(
(const uint8_t*)pkt->data.frame.buf, pkt->data.frame.sz);
- ASSERT_EQ(VPX_CODEC_OK, res_dec) << decoder->DecodeError();
+
+ if (!HandleDecodeResult(res_dec, *video, decoder))
+ break;
+
has_dxdata = true;
}
ASSERT_GE(pkt->data.frame.pts, last_pts_);
diff -uNrp libvpx-v1.3.0.orig/test/encode_test_driver.h libvpx-v1.3.0/test/encode_test_driver.h
--- libvpx-v1.3.0.orig/test/encode_test_driver.h 2014-01-10 15:12:40.000000000 -0500
+++ libvpx-v1.3.0/test/encode_test_driver.h 2015-06-13 19:54:28.135278816 -0400
@@ -206,6 +206,14 @@ class EncoderTest {
virtual void DecompressedFrameHook(const vpx_image_t& img,
vpx_codec_pts_t pts) {}
+ // Hook to be called to handle decode result. Return true to continue.
+ virtual bool HandleDecodeResult(const vpx_codec_err_t res_dec,
+ const VideoSource& /* video */,
+ Decoder *decoder) {
+ EXPECT_EQ(VPX_CODEC_OK, res_dec) << decoder->DecodeError();
+ return VPX_CODEC_OK == res_dec;
+ }
+
// Hook that can modify the encoder's output data
virtual const vpx_codec_cx_pkt_t * MutateEncoderOutputHook(
const vpx_codec_cx_pkt_t *pkt) {
diff -uNrp libvpx-v1.3.0.orig/test/frame_size_tests.cc libvpx-v1.3.0/test/frame_size_tests.cc
--- libvpx-v1.3.0.orig/test/frame_size_tests.cc 1969-12-31 19:00:00.000000000 -0500
+++ libvpx-v1.3.0/test/frame_size_tests.cc 2015-06-13 19:54:28.135278816 -0400
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2014 The WebM project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+#include <climits>
+#include <vector>
+#include "third_party/googletest/src/include/gtest/gtest.h"
+#include "test/codec_factory.h"
+#include "test/encode_test_driver.h"
+#include "test/i420_video_source.h"
+#include "test/util.h"
+
+namespace {
+
+class VP9FrameSizeTestsLarge
+ : public ::libvpx_test::EncoderTest,
+ public ::testing::Test {
+ protected:
+ VP9FrameSizeTestsLarge() : EncoderTest(&::libvpx_test::kVP9),
+ expected_res_(VPX_CODEC_OK) {}
+ virtual ~VP9FrameSizeTestsLarge() {}
+
+ virtual void SetUp() {
+ InitializeConfig();
+ SetMode(::libvpx_test::kRealTime);
+ }
+
+ virtual bool HandleDecodeResult(const vpx_codec_err_t res_dec,
+ const libvpx_test::VideoSource &video,
+ libvpx_test::Decoder *decoder) {
+ EXPECT_EQ(expected_res_, res_dec)
+ << "Expected " << expected_res_
+ << "but got " << res_dec;
+
+ return !::testing::Test::HasFailure();
+ }
+
+ virtual void PreEncodeFrameHook(::libvpx_test::VideoSource *video,
+ ::libvpx_test::Encoder *encoder) {
+ if (video->frame() == 1) {
+ encoder->Control(VP8E_SET_CPUUSED, 7);
+ encoder->Control(VP8E_SET_ENABLEAUTOALTREF, 1);
+ encoder->Control(VP8E_SET_ARNR_MAXFRAMES, 7);
+ encoder->Control(VP8E_SET_ARNR_STRENGTH, 5);
+ encoder->Control(VP8E_SET_ARNR_TYPE, 3);
+ }
+ }
+
+ int expected_res_;
+};
+
+TEST_F(VP9FrameSizeTestsLarge, TestInvalidSizes) {
+ ::libvpx_test::RandomVideoSource video;
+
+#if CONFIG_SIZE_LIMIT
+ video.SetSize(DECODE_WIDTH_LIMIT + 16, DECODE_HEIGHT_LIMIT + 16);
+ video.set_limit(2);
+ expected_res_ = VPX_CODEC_CORRUPT_FRAME;
+ ASSERT_NO_FATAL_FAILURE(RunLoop(&video));
+#else
+ // If we are on a 32 bit platform we can't possibly allocate enough memory
+ // for the largest video frame size (64kx64k). This test checks that we
+ // properly return a memory error.
+ if (sizeof(size_t) == 4) {
+ video.SetSize(65535, 65535);
+ video.set_limit(2);
+ expected_res_ = VPX_CODEC_MEM_ERROR;
+ ASSERT_NO_FATAL_FAILURE(RunLoop(&video));
+ }
+#endif
+}
+
+TEST_F(VP9FrameSizeTestsLarge, ValidSizes) {
+ ::libvpx_test::RandomVideoSource video;
+
+#if CONFIG_SIZE_LIMIT
+ video.SetSize(DECODE_WIDTH_LIMIT, DECODE_HEIGHT_LIMIT);
+ video.set_limit(2);
+ expected_res_ = VPX_CODEC_OK;
+ ASSERT_NO_FATAL_FAILURE(RunLoop(&video));
+#else
+ // This test produces a pretty large single frame allocation, (roughly
+ // 25 megabits). The encoder allocates a good number of these frames
+ // one for each lag in frames (for 2 pass), and then one for each possible
+ // reference buffer (8) - we can end up with up to 30 buffers of roughly this
+ // size or almost 1 gig of memory.
+ video.SetSize(4096, 4096);
+ video.set_limit(2);
+ expected_res_ = VPX_CODEC_OK;
+ ASSERT_NO_FATAL_FAILURE(RunLoop(&video));
+#endif
+}
+} // namespace
diff -uNrp libvpx-v1.3.0.orig/test/test.mk libvpx-v1.3.0/test/test.mk
--- libvpx-v1.3.0.orig/test/test.mk 2014-01-10 15:12:42.000000000 -0500
+++ libvpx-v1.3.0/test/test.mk 2015-06-13 20:00:00.874624117 -0400
@@ -24,8 +24,9 @@ LIBVPX_TEST_SRCS-$(CONFIG_ENCODERS) +
LIBVPX_TEST_SRCS-$(CONFIG_ENCODERS) += i420_video_source.h
LIBVPX_TEST_SRCS-$(CONFIG_VP8_ENCODER) += keyframe_test.cc
LIBVPX_TEST_SRCS-$(CONFIG_VP9_ENCODER) += borders_test.cc
-LIBVPX_TEST_SRCS-$(CONFIG_VP9_ENCODER) += resize_test.cc
LIBVPX_TEST_SRCS-$(CONFIG_VP9_ENCODER) += cpu_speed_test.cc
+LIBVPX_TEST_SRCS-$(CONFIG_VP9_ENCODER) += frame_size_tests.cc
+LIBVPX_TEST_SRCS-$(CONFIG_VP9_ENCODER) += resize_test.cc
LIBVPX_TEST_SRCS-$(CONFIG_VP9_ENCODER) += vp9_lossless_test.cc
LIBVPX_TEST_SRCS-$(CONFIG_DECODERS) += ../md5_utils.h ../md5_utils.c
diff -uNrp libvpx-v1.3.0.orig/test/video_source.h libvpx-v1.3.0/test/video_source.h
--- libvpx-v1.3.0.orig/test/video_source.h 2014-01-10 15:12:40.000000000 -0500
+++ libvpx-v1.3.0/test/video_source.h 2015-06-13 19:54:28.135278816 -0400
@@ -118,6 +118,10 @@ class DummyVideoSource : public VideoSou
virtual unsigned int limit() const { return limit_; }
+ void set_limit(unsigned int limit) {
+ limit_ = limit;
+ }
+
void SetSize(unsigned int width, unsigned int height) {
if (width != width_ || height != height_) {
vpx_img_free(img_);
diff -uNrp libvpx-v1.3.0.orig/vp9/decoder/vp9_decodframe.c libvpx-v1.3.0/vp9/decoder/vp9_decodframe.c
--- libvpx-v1.3.0.orig/vp9/decoder/vp9_decodframe.c 2014-01-10 15:12:42.000000000 -0500
+++ libvpx-v1.3.0/vp9/decoder/vp9_decodframe.c 2015-06-13 20:03:53.444138820 -0400
@@ -702,6 +702,11 @@ static void setup_display_size(VP9_COMMO
static void apply_frame_size(VP9D_COMP *pbi, int width, int height) {
VP9_COMMON *cm = &pbi->common;
+#if CONFIG_SIZE_LIMIT
+ if (width > DECODE_WIDTH_LIMIT || height > DECODE_HEIGHT_LIMIT)
+ vpx_internal_error(&cm->error, VPX_CODEC_CORRUPT_FRAME,
+ "Width and height beyond allowed size.");
+#endif
if (cm->width != width || cm->height != height) {
// Change in frame size.
diff -uNrp libvpx-v1.3.0.orig/vpx/src/vpx_image.c libvpx-v1.3.0/vpx/src/vpx_image.c
--- libvpx-v1.3.0.orig/vpx/src/vpx_image.c 2014-01-10 15:12:40.000000000 -0500
+++ libvpx-v1.3.0/vpx/src/vpx_image.c 2015-06-13 19:55:38.485140340 -0400
@@ -12,6 +12,7 @@
#include <stdlib.h>
#include <string.h>
#include "vpx/vpx_image.h"
+#include "vpx/vpx_integer.h"
#define ADDRESS_STORAGE_SIZE sizeof(size_t)
/*returns an addr aligned to the byte boundary specified by align*/
@@ -147,8 +148,13 @@ static vpx_image_t *img_alloc_helper(vpx
img->img_data = img_data;
if (!img_data) {
- img->img_data = img_buf_memalign(buf_align, ((fmt & VPX_IMG_FMT_PLANAR) ?
- h * s * bps / 8 : h * s));
+ const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ?
+ (uint64_t)h * s * bps / 8 : (uint64_t)h * s;
+
+ if (alloc_size != (size_t)alloc_size)
+ goto fail;
+
+ img->img_data = img_buf_memalign(buf_align, (size_t)alloc_size);
img->img_data_owner = 1;
}
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
856070324a4c06c80742dba0efeedcd1
>
files
>
2
