Fail if prev frame is not done on new temp. delim.
Return an error if the frame in the previous temporal unit is incomplete
when a new temporal delimiter OBU is received.
Test:
test_libaom --gtest_filter=*InvalidFileTest*
BUG=oss-fuzz:24706
Change-Id: If19ac955c907fed1e77538ffa8adb7e88c8e7aec
diff --git a/av1/decoder/obu.c b/av1/decoder/obu.c
index 0c9cce4..161a33e 100644
--- a/av1/decoder/obu.c
+++ b/av1/decoder/obu.c
@@ -916,8 +916,12 @@
switch (obu_header.type) {
case OBU_TEMPORAL_DELIMITER:
decoded_payload_size = read_temporal_delimiter_obu();
- pbi->seen_frame_header = 0;
- pbi->next_start_tile = 0;
+ if (pbi->seen_frame_header) {
+ // A new temporal unit has started, but the frame in the previous
+ // temporal unit is incomplete.
+ cm->error.error_code = AOM_CODEC_CORRUPT_FRAME;
+ return -1;
+ }
break;
case OBU_SEQUENCE_HEADER:
decoded_payload_size = read_sequence_header_obu(pbi, &rb);
@@ -1008,7 +1012,10 @@
obu_header.type == OBU_FRAME);
if (cm->error.error_code != AOM_CODEC_OK) return -1;
is_first_tg_obu_received = 0;
- if (frame_decoding_finished) pbi->seen_frame_header = 0;
+ if (frame_decoding_finished) {
+ pbi->seen_frame_header = 0;
+ pbi->next_start_tile = 0;
+ }
pbi->num_tile_groups++;
break;
case OBU_METADATA:
diff --git a/test/invalid_file_test.cc b/test/invalid_file_test.cc
index 30880b2..1b48294 100644
--- a/test/invalid_file_test.cc
+++ b/test/invalid_file_test.cc
@@ -136,7 +136,8 @@
{ 1, "invalid-oss-fuzz-10389.ivf", "invalid-oss-fuzz-10389.ivf.res.2" },
{ 1, "invalid-oss-fuzz-11523.ivf", "invalid-oss-fuzz-11523.ivf.res.2" },
{ 4, "invalid-oss-fuzz-15363.ivf", NULL },
- { 1, "invalid-oss-fuzz-16437.ivf", NULL },
+ { 1, "invalid-oss-fuzz-16437.ivf", "invalid-oss-fuzz-16437.ivf.res.2" },
+ { 1, "invalid-oss-fuzz-24706.ivf", NULL },
#if CONFIG_AV1_HIGHBITDEPTH
// These test vectors contain 10-bit or 12-bit video.
{ 1, "invalid-oss-fuzz-9288.ivf", NULL },
diff --git a/test/test-data.sha1 b/test/test-data.sha1
index a328475..f814b02 100644
--- a/test/test-data.sha1
+++ b/test/test-data.sha1
@@ -38,6 +38,9 @@
d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-oss-fuzz-15363.ivf.res
5b697360bf0f02de31bae9b8da78e93570958fa4 *invalid-oss-fuzz-16437.ivf
09d2af8dd22201dd8d48e5dcfcaed281ff9422c7 *invalid-oss-fuzz-16437.ivf.res
+d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-oss-fuzz-16437.ivf.res.2
+e821070cea8eb687be102a1a118e0341c2e9df69 *invalid-oss-fuzz-24706.ivf
+d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-oss-fuzz-24706.ivf.res
ccbe4081557eb44820a0e6337c4a094421826b9a *invalid-oss-fuzz-9288.ivf
67c54283fe1a26ccf02cc991e4f9a1eea3ac5e78 *invalid-oss-fuzz-9288.ivf.res
c0960f032484579f967881cc025b71cfd7a79ee1 *invalid-oss-fuzz-9463.ivf
diff --git a/test/test_data_util.cmake b/test/test_data_util.cmake
index 7a9da42..3a96a2f 100644
--- a/test/test_data_util.cmake
+++ b/test/test_data_util.cmake
@@ -557,6 +557,9 @@
"invalid-oss-fuzz-15363.ivf.res"
"invalid-oss-fuzz-16437.ivf"
"invalid-oss-fuzz-16437.ivf.res"
+ "invalid-oss-fuzz-16437.ivf.res.2"
+ "invalid-oss-fuzz-24706.ivf"
+ "invalid-oss-fuzz-24706.ivf.res"
"invalid-oss-fuzz-9288.ivf"
"invalid-oss-fuzz-9288.ivf.res"
"invalid-oss-fuzz-9463.ivf"
