Fix invalid memory access on 2x downscale.

The issue was discovered on a bitstream with 2x vertical downscale. For zero MVs, y_pad is set to 1 only when vertical convolution is required. The original code assumes that for y_step_q4 == 32 we don't perform vertical convolution. But vp9_setup_scale_factors_for_frame() sets convolve functions so that when x_step and y_step are both not equal to 16, convolve in both directions is performed. And convolve() unconditionally subtracts one stride from the source pointer when it calls convolve_horiz(). This leads to invalid memory access.

Change-Id: I882dfa6081a58e172b5ffa55842bfcd6727f10bf
diff --git a/vp9/common/vp9_reconinter.c b/vp9/common/vp9_reconinter.c index 86ae648..65c8759 100644 --- a/vp9/common/vp9_reconinter.c +++ b/vp9/common/vp9_reconinter.c
@@ -376,13 +376,13 @@ int y1 = ((y0_16 + (h - 1) * ys) >> SUBPEL_BITS) + 1; int x_pad = 0, y_pad = 0; - if (subpel_x || (sf->x_step_q4 & SUBPEL_MASK)) { + if (subpel_x || (sf->x_step_q4 != 16)) { x0 -= VP9_INTERP_EXTEND - 1; x1 += VP9_INTERP_EXTEND; x_pad = 1; } - if (subpel_y || (sf->y_step_q4 & SUBPEL_MASK)) { + if (subpel_y || (sf->y_step_q4 != 16)) { y0 -= VP9_INTERP_EXTEND - 1; y1 += VP9_INTERP_EXTEND; y_pad = 1;
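Review bot: The bare literal 16 in the two new conditions (`sf->x_step_q4 != 16` and `sf->y_step_q4 != 16`) is an undocumented magic number that now has to stay in step with the convolve selection in vp9_setup_scale_factors_for_frame() named in the commit message. If that selection ever changes, x_pad and y_pad will again disagree with what the convolve functions read, and the out-of-bounds source access comes back silently. Please use a named constant or a small shared predicate for "this axis is scaled", and add a one-line comment here saying the padding must match the filter taps the selected convolve function actually reads. Also worth confirming in the description: it says convolve() always backs the source pointer up by one stride when it calls convolve_horiz(), while y_pad is still set only when subpel_y is nonzero or y_step_q4 differs from 16. If convolve() can be selected when only the x axis is scaled, the same missing vertical padding would apply there.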