Commit a9380fee authored by Janne Grunau's avatar Janne Grunau

frame header: fix tile size parsing for non-uniform tiles

Spotted by David Michael Barr <b@rr-dav.id.au>
Fixes a fuzzing crash in crash-96e2d10fd8effbbcb0c8eedcbe05de50b1582fd2.
parent a537c5ac
......@@ -461,8 +461,8 @@ static int parse_frame_hdr(Dav1dContext *const c, GetBits *const gb,
hdr->tiling.cols = 0;
int widest_tile = 0, max_tile_area_sb = sbw * sbh;
for (int sbx = 0; sbx < sbw; hdr->tiling.cols++) {
const int tile_w = get_uniform(gb, imin(sbw - sbx,
max_tile_width_sb));
const int tile_w = 1 + get_uniform(gb, imin(sbw - sbx,
max_tile_width_sb));
hdr->tiling.col_start_sb[hdr->tiling.cols] = sbx;
sbx += tile_w;
widest_tile = imax(widest_tile, tile_w);
......@@ -473,8 +473,8 @@ static int parse_frame_hdr(Dav1dContext *const c, GetBits *const gb,
hdr->tiling.rows = 0;
for (int sby = 0; sby < sbh; hdr->tiling.rows++) {
const int tile_h = get_uniform(gb, imin(sbh - sby,
max_tile_height_sb));
const int tile_h = 1 + get_uniform(gb, imin(sbh - sby,
max_tile_height_sb));
hdr->tiling.row_start_sb[hdr->tiling.rows] = sby;
sby += tile_h;
}
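Review bot: The column loop still writes `hdr->tiling.col_start_sb[hdr->tiling.cols]` with `sbx < sbw` as its only stop condition, so the index is limited by the frame width in superblocks rather than by the array's capacity. With `tile_w` now at least 1 the loop does terminate, but input that selects the minimum width for every tile lets `cols` grow up to `sbw`, and whether that many entries fit in `col_start_sb` is not visible in this hunk. I would put the capacity into the condition, `for (int sbx = 0; sbx < sbw && hdr->tiling.cols < MAX_COLS; hdr->tiling.cols++) {` (`MAX_COLS` is a placeholder for the array's element count), and do the same for `row_start_sb` in the row loop of the second hunk. `parse_frame_hdr` begins and ends outside both hunks, so an earlier check on `sbw`/`sbh` may already cover this.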
......