Increase ctx->cx_data_sz to 2.5x uncomp frame size

Increase ctx->cx_data_sz (the size in bytes of the ctx->cx_data buffer) to 2.5 times the uncompressed frame size because 2 times the uncompressed frame size has been shown to be too small for multithreaded bitstream packing.

Follow up to https://aomedia-review.googlesource.com/131861.

Bug: oss-fuzz:514006304
Change-Id: I0aa67ea1b1a4ffaf13b8f8e5481a2dec1006e9ed
(cherry picked from commit eb53911fc8d85b8153986786d188caa27fdf24a1)

diff --git a/av1/av1_cx_iface.c b/av1/av1_cx_iface.c index 143a4bd..f9fe5ea 100644 --- a/av1/av1_cx_iface.c +++ b/av1/av1_cx_iface.c
@@ -3314,15 +3314,21 @@ // // For pseudo random input, the compressed frame size is seen to exceed // the uncompressed frame size, but is less than 2 times the uncompressed - // frame size. Hence the size of the buffer is chosen as 2 times the - // uncompressed frame size. - int multiplier = 8; + // frame size. https://issues.oss-fuzz.com/issues/514006304 further shows + // that multithreaded bitstream packing may need more than 2 times the + // uncompressed frame size. Hence the size of the buffer is chosen as 2.5 + // times the uncompressed frame size. + aom_rational_t multiplier; + multiplier.num = 8; + multiplier.den = 1; if (ppi->cpi->oxcf.kf_cfg.key_freq_max == 0 && - !ppi->cpi->oxcf.kf_cfg.fwd_kf_enabled) - multiplier = 2; - if (uncompressed_frame_sz > SIZE_MAX / multiplier) + !ppi->cpi->oxcf.kf_cfg.fwd_kf_enabled) { + multiplier.num = 5; + multiplier.den = 2; + } + if (uncompressed_frame_sz > SIZE_MAX / multiplier.num) return AOM_CODEC_MEM_ERROR; - size_t data_sz = uncompressed_frame_sz * multiplier; + size_t data_sz = uncompressed_frame_sz * multiplier.num / multiplier.den; if (data_sz < kMinCompressedSize) data_sz = kMinCompressedSize; if (ctx->cx_data == NULL || ctx->cx_data_sz < data_sz) { ctx->cx_data_sz = data_sz;
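
Review bot: the updated comment justifies the 5/2 multiplier in the `key_freq_max == 0 && !fwd_kf_enabled` branch only by saying multithreaded packing "may need more than 2 times" the uncompressed frame size, so 2.5x is another empirical bound of the same kind as the 2x it replaces, and nothing in the hunk says why it is sufficient. Please have the comment state that the figure is empirical and, if known, the largest ratio seen in the oss-fuzz case, and confirm in the change description that the code writing into `ctx->cx_data` checks against `ctx->cx_data_sz` rather than relying on this estimate, since that write path is not visible here. A smaller style point on the same lines: `aom_rational_t` has `int` members, so `SIZE_MAX / multiplier.num` and `uncompressed_frame_sz * multiplier.num / multiplier.den` mix `size_t` with signed `int`. The values are positive constants, so the arithmetic is correct, and the overflow guard on `multiplier.num` does cover the intermediate product before the division, but explicit `(size_t)` casts or two `size_t` locals would make that obvious to the next reader. The guard is also conservative (it rejects at SIZE_MAX / 5 although the final size is only 2.5x), which is fine but worth a word in the comment.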