From 40a355a42d4a9444dc753c04c6608dade2f06a23 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:13:27 +0200 Subject: Adding upstream version 125.0.1. Signed-off-by: Daniel Baumann --- third_party/dav1d/src/decode.c | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) (limited to 'third_party/dav1d/src/decode.c') diff --git a/third_party/dav1d/src/decode.c b/third_party/dav1d/src/decode.c index 97d15ca1c6..eed9dfb756 100644 --- a/third_party/dav1d/src/decode.c +++ b/third_party/dav1d/src/decode.c @@ -2616,6 +2616,25 @@ static void read_restoration_info(Dav1dTaskContext *const t, } } +// modeled after the equivalent function in aomdec:decodeframe.c +static int check_trailing_bits_after_symbol_coder(const MsacContext *const msac) { + // check marker bit (single 1), followed by zeroes + const int n_bits = -(msac->cnt + 14); + assert(n_bits <= 0); // this assumes we errored out when cnt <= -15 in caller + const int n_bytes = (n_bits + 7) >> 3; + const uint8_t *p = &msac->buf_pos[n_bytes]; + const int pattern = 128 >> ((n_bits - 1) & 7); + if ((p[-1] & (2 * pattern - 1)) != pattern) + return 1; + + // check remainder zero bytes + for (; p < msac->buf_end; p++) + if (*p) + return 1; + + return 0; +} + int dav1d_decode_tile_sbrow(Dav1dTaskContext *const t) { const Dav1dFrameContext *const f = t->f; const enum BlockLevel root_bl = f->seq_hdr->sb128 ? BL_128X128 : BL_64X64; @@ -2659,9 +2678,6 @@ int dav1d_decode_tile_sbrow(Dav1dTaskContext *const t) { return 0; } - // error out on symbol decoder overread - if (ts->msac.cnt < -15) return 1; - if (f->c->n_tc > 1 && f->frame_hdr->use_ref_frame_mvs) { f->c->refmvs_dsp.load_tmvs(&f->rf, ts->tiling.row, ts->tiling.col_start >> 1, ts->tiling.col_end >> 1, @@ -2767,7 +2783,12 @@ int dav1d_decode_tile_sbrow(Dav1dTaskContext *const t) { memcpy(&f->lf.tx_lpf_right_edge[1][align_h * tile_col + (t->by >> ss_ver)], &t->l.tx_lpf_uv[(t->by & 16) >> ss_ver], sb_step >> ss_ver); - return 0; + // error out on symbol decoder overread + if (ts->msac.cnt <= -15) return 1; + + return c->strict_std_compliance && + (t->by >> f->sb_shift) + 1 >= f->frame_hdr->tiling.row_start_sb[tile_row + 1] && + check_trailing_bits_after_symbol_coder(&ts->msac); } int dav1d_decode_frame_init(Dav1dFrameContext *const f) { @@ -3262,7 +3283,7 @@ error: return retval; } -void dav1d_decode_frame_exit(Dav1dFrameContext *const f, const int retval) { +void dav1d_decode_frame_exit(Dav1dFrameContext *const f, int retval) { const Dav1dContext *const c = f->c; if (f->sr_cur.p.data[0]) @@ -3273,8 +3294,16 @@ void dav1d_decode_frame_exit(Dav1dFrameContext *const f, const int retval) { (size_t)f->frame_thread.cf_sz * 128 * 128 / 2); } for (int i = 0; i < 7; i++) { - if (f->refp[i].p.frame_hdr) + if (f->refp[i].p.frame_hdr) { + if (!retval && c->n_fc > 1 && c->strict_std_compliance && + atomic_load(&f->refp[i].progress[1]) == FRAME_ERROR) + { + retval = DAV1D_ERR(EINVAL); + atomic_store(&f->task_thread.error, 1); + atomic_store(&f->sr_cur.progress[1], FRAME_ERROR); + } dav1d_thread_picture_unref(&f->refp[i]); + } dav1d_ref_dec(&f->ref_mvs_ref[i]); } @@ -3328,6 +3357,7 @@ int dav1d_decode_frame(Dav1dFrameContext *const f) { } } dav1d_decode_frame_exit(f, res); + res = f->task_thread.retval; f->n_tile_data = 0; return res; } -- cgit v1.2.3