Google Git
Sign in
aomedia/aom.git/48073d93c20dd2d319c0d45291d43e0dfb76c9a5^!/.
commit
48073d93c20dd2d319c0d45291d43e0dfb76c9a5
[log]
author
Urvang Joshi <urvang@google.com>
Fri Jun 29 16:21:18 2018 -0700
committer
Urvang Joshi <urvang@google.com>
Fri Jun 29 16:21:18 2018 -0700
tree
32e19f094ebc452f35700a4c734ad12ff3b5c2ec
parent
e5c1a188af730252648f3368777dc20124c3c7ae [diff]
op_parameters: Use unsigned_literal for read/write

decoder_buffer_delay and encoder_buffer_delay are read / written using
'encoder_decoder_buffer_delay_length' bits.

And 'encoder_decoder_buffer_delay_length' is read from bitstream as a
5-bit value + 1. So, it has a range of 1 to 32.

So, as the max number of bits for reading/writing decoder_buffer_delay
and encoder_buffer_delay are 32, we should be using
aom_rb_read_unsigned_literal() ind aom_wb_write_unsigned_literal()
functions, which support max 'bits' value of 32.

BUG=oss-fuzz:9126

Change-Id: I3896259f79613f5b82bda431756086dc9fea773e

diff --git a/aom_dsp/bitreader_buffer.c b/aom_dsp/bitreader_buffer.c
index 68fc381..0f5c598 100644
--- a/aom_dsp/bitreader_buffer.c
+++ b/aom_dsp/bitreader_buffer.c

@@ -8,6 +8,9 @@
  * Media Patent License 1.0 was not distributed with this source code in the
  * PATENTS file, you can obtain it at www.aomedia.org/license/patent.
  */
+
+#include <assert.h>
+
 #include "config/aom_config.h"
 
 #include "aom_dsp/bitreader_buffer.h"
@@ -31,6 +34,7 @@
 }
 
 int aom_rb_read_literal(struct aom_read_bit_buffer *rb, int bits) {
+  assert(bits <= 31);
   int value = 0, bit;
   for (bit = bits - 1; bit >= 0; bit--) value |= aom_rb_read_bit(rb) << bit;
   return value;
@@ -38,6 +42,7 @@
 
 uint32_t aom_rb_read_unsigned_literal(struct aom_read_bit_buffer *rb,
                                       int bits) {
+  assert(bits <= 32);
   uint32_t value = 0;
   int bit;
   for (bit = bits - 1; bit >= 0; bit--)

diff --git a/aom_dsp/bitwriter_buffer.c b/aom_dsp/bitwriter_buffer.c
index 21314eb..a563bf6 100644
--- a/aom_dsp/bitwriter_buffer.c
+++ b/aom_dsp/bitwriter_buffer.c

@@ -9,6 +9,7 @@
  * PATENTS file, you can obtain it at www.aomedia.org/license/patent.
  */
 
+#include <assert.h>
 #include <limits.h>
 #include <stdlib.h>
 
@@ -49,12 +50,14 @@
 }
 
 void aom_wb_write_literal(struct aom_write_bit_buffer *wb, int data, int bits) {
+  assert(bits <= 31);
   int bit;
   for (bit = bits - 1; bit >= 0; bit--) aom_wb_write_bit(wb, (data >> bit) & 1);
 }
 
 void aom_wb_write_unsigned_literal(struct aom_write_bit_buffer *wb,
                                    uint32_t data, int bits) {
+  assert(bits <= 32);
   int bit;
   for (bit = bits - 1; bit >= 0; bit--) aom_wb_write_bit(wb, (data >> bit) & 1);
 }

diff --git a/av1/common/timing.h b/av1/common/timing.h
index d31f4b7..2562951 100644
--- a/av1/common/timing.h
+++ b/av1/common/timing.h

@@ -35,8 +35,8 @@
   int decoder_model_param_present_flag;
   int64_t bitrate;
   int64_t buffer_size;
-  int decoder_buffer_delay;
-  int encoder_buffer_delay;
+  uint32_t decoder_buffer_delay;
+  uint32_t encoder_buffer_delay;
   int low_delay_mode_flag;
   int display_model_param_present_flag;
   int initial_display_delay;

diff --git a/av1/decoder/decodeframe.c b/av1/decoder/decodeframe.c
index c40e2cb..5f29707 100644
--- a/av1/decoder/decodeframe.c
+++ b/av1/decoder/decodeframe.c

@@ -3389,10 +3389,10 @@
                        op_num + 1);
   }
 
-  cm->op_params[op_num].decoder_buffer_delay = aom_rb_read_literal(
+  cm->op_params[op_num].decoder_buffer_delay = aom_rb_read_unsigned_literal(
       rb, cm->buffer_model.encoder_decoder_buffer_delay_length);
 
-  cm->op_params[op_num].encoder_buffer_delay = aom_rb_read_literal(
+  cm->op_params[op_num].encoder_buffer_delay = aom_rb_read_unsigned_literal(
       rb, cm->buffer_model.encoder_decoder_buffer_delay_length);
 
   cm->op_params[op_num].low_delay_mode_flag = aom_rb_read_bit(rb);

diff --git a/av1/encoder/bitstream.c b/av1/encoder/bitstream.c
index 2caf0f5..4435909 100644
--- a/av1/encoder/bitstream.c
+++ b/av1/encoder/bitstream.c

@@ -2533,11 +2533,13 @@
   //  aom_wb_write_bit(wb, cm->op_params[op_num].has_parameters);
   //  if (!cm->op_params[op_num].has_parameters) return;
 
-  aom_wb_write_literal(wb, cm->op_params[op_num].decoder_buffer_delay,
-                       cm->buffer_model.encoder_decoder_buffer_delay_length);
+  aom_wb_write_unsigned_literal(
+      wb, cm->op_params[op_num].decoder_buffer_delay,
+      cm->buffer_model.encoder_decoder_buffer_delay_length);
 
-  aom_wb_write_literal(wb, cm->op_params[op_num].encoder_buffer_delay,
-                       cm->buffer_model.encoder_decoder_buffer_delay_length);
+  aom_wb_write_unsigned_literal(
+      wb, cm->op_params[op_num].encoder_buffer_delay,
+      cm->buffer_model.encoder_decoder_buffer_delay_length);
 
   aom_wb_write_bit(wb, cm->op_params[op_num].low_delay_mode_flag);