Commits · 2c3eaffd2a32c63330b5afb1bf90847a0e0b0472 · VideoLAN / dav1d

15 Nov, 2018 2 commits

Correct the condition for freeing references in dav1d_parse_obus · 2c3eaffd

boyuanxiao-argondesign authored Nov 13, 2018 and

Ronald S. Bultje committed Nov 15, 2018

A new coded video sequence (see page 193; section 7.5 of the spec)
begins when we see a sequence header that isn't bit identical to
previous ones. This is the point at which we can throw away previous
frames etc.

2c3eaffd

obu: tile_group and frame OBUs do not have trailing bits · a1e945ca

Janne Grunau authored Nov 15, 2018

The number of read bits can be equal to the size of the packet. Fixes a
triggered assert in
clusterfuzz-testcase-minimized-dav1d_fuzzer-5746175664193536. Credits to
oss-fuzz.

a1e945ca

14 Nov, 2018 5 commits

Fix operator order in obu.c · ca33a9b7

Rupert Swarbrick authored Nov 14, 2018

This code originally looked like "assert (init_bit_pos % 8 == 0)" and
I changed it to use "& 7" to match the prevaling style. Unfortunately,
"&" binds more weakly than "==". Oops!

ca33a9b7

Correctly flush at the end of OBUs · c59f1940

Rupert Swarbrick authored Oct 17, 2018 and

Ronald S. Bultje committed Nov 14, 2018

This fixes failures when an OBU has more than a byte's worth of
trailing zeros.

As part of this work, it also rejigs the dav1d_flush_get_bits function
slightly. This worked before, but it wasn't very obvious why (it
worked because bits_left was never more than 7). This patch renames it
to dav1d_bytealign_get_bits, which makes it clearer what it does and
adds a comment explaining why it works properly.

The new dav1d_bytealign_get_bits is also now void (rather than
returning the next byte to read). The patch defines
dav1d_get_bits_pos, which returns the current bit position. This feels
a little easier to reason about.

We also add a new check to make sure that we haven't fallen off the
end of the OBU. This can happen when a byte buffer contains more than
one OBU: the GetBits might not have got to EOF, but we might now be
half-way through the next OBU.

c59f1940

Fix how we read the UV quantization level · 2532642b
Rupert Swarbrick authored Oct 17, 2018 and Ronald S. Bultje committed Nov 14, 2018
```
See section 5.9.12 of the AV1 spec. The flag controlling U and V share
a quantization level wasn't being read.
```
2532642b

Fix parsing segmentation data in parse_frame_hdr · 2f7eb1e9

boyuanxiao-argondesign authored Oct 15, 2018 and

Ronald S. Bultje committed Nov 14, 2018

The first memset is dead code: if primary_ref_frame is
PRIMARY_REF_NONE then segmentation.update_data is always true. The
patch removes this memset and explains why the copy in the other
branch is correct.

The second memset should always fire: if segmentation is not enabled
for this frame, the seg_data structure should be set to zero rather
than copied from a reference frame (see section 5.9.14 of the AV1
spec).

2f7eb1e9

Support skip/globalmv/ref segmentation features · 3fdb6cc9
Ronald S. Bultje authored Nov 13, 2018

3fdb6cc9

13 Nov, 2018 1 commit
- Fix parsing of render size · d401106b
  Ronald S. Bultje authored Nov 13, 2018
```
Fixes decoding of keyframe in #121.
```
  d401106b
12 Nov, 2018 1 commit
- Add missing .data suffix so we don't overwrite in memset() · 8948e5af
  Ronald S. Bultje authored Nov 12, 2018
  
  8948e5af
09 Nov, 2018 1 commit

reduce size of Av1FrameHeader by 7940 bytes · 4d3b6c15

Janne Grunau authored Nov 08, 2018

Take the maximal number of tile rows and columns (each 64) into account.
Reduces size of Av1FrameHeader from 9588 to 1648 bytes on x86_64
according to pahole.
Refs #156.

4d3b6c15

08 Nov, 2018 1 commit

Always free references upon sequence header refresh · 1ddd4cb8

Ronald S. Bultje authored Nov 08, 2018

Also clear refpoc[] for intrabc frames. Fixes #146.

This changes sequence header parsing so that we no longer reset
c->have_seq_hdr to 0 if parsing of the most recent sequence header
failed. Rather, we will just continue with the old sequence header
and test any future sequence headers against this. This may help
error resilience in streams that periodically re-send their sequence
header.

1ddd4cb8

01 Nov, 2018 2 commits
- obu: max_tile_height_sb is only used for non-uniform tiles · 40dc545e
  Janne Grunau authored Nov 01, 2018
```
Fixes #134.
```
  40dc545e
- Revert "explicitly clear some Dav1dRef pointers after calling dav1d_ref_dec()" · 24108f83
  Janne Grunau authored Nov 01, 2018
```
This reverts commit aeb5a5ef.
```
  24108f83
31 Oct, 2018 2 commits
- explicitly clear some Dav1dRef pointers after calling dav1d_ref_dec() · aeb5a5ef
  James Almer authored Oct 31, 2018
```
Partially reverts b7d2b7d2, fixing a regression
introduced by it.
```
  aeb5a5ef
- ref: don't leave dangling pointers around when freeing Dav1dRef · b7d2b7d2
  James Almer authored Oct 31, 2018
```
Signed-off-by: James Almer <jamrial@gmail.com>
```
  b7d2b7d2
29 Oct, 2018 1 commit
- obu: fix parsing film_grain_present and num_operating_points in Sequence Headers · 8fbd87e5
  James Almer authored Oct 29, 2018
```
Fixes a regression since d8996b18, where
the relevant fields started being written to and read from the wrong struct.
```
  8fbd87e5
28 Oct, 2018 2 commits

Clear reference state upon sequence header change · d8996b18
Ronald S. Bultje authored Oct 28, 2018 and Janne Grunau committed Oct 28, 2018
```
Fixes #123.
```
d8996b18

parse_obu: reset have_{seq,frame}_hdr on new OBU_{SEQ,FRAME}_HDR · cacfb8d2

Janne Grunau authored Oct 28, 2018

Prevent decoding a frame with inconsistent sequence and frame headers.
Fix #124, #125. Fix negative size param in pixel_copy due to inconsistent
sb128 state between frame header (parsed with sb128 == 0) and sequence
header and frame decoding with sb128 == 1. Fix
clusterfuzz-testcase-minimized-dav1d_fuzzer-5707479116152832. Credits to
oss-fuzz.

cacfb8d2

24 Oct, 2018 4 commits
- obu: don't abort OBU_REDUNDANT_FRAME_HDR if no frame header has been parsed · 18335a4d
  James Almer authored Oct 24, 2018
```
Parse and use it instead.
Signed-off-by: James Almer <jamrial@gmail.com>
```
  18335a4d
- obu: abort parsing OBU_FRAME if show_existing_frame=1 · 5f8b6d0c
  James Almer authored Oct 24, 2018
```
This is more in line with the behavior from libaom.
Signed-off-by: James Almer <jamrial@gmail.com>
```
  5f8b6d0c
- Exit frame data decoding for OBU_FRAME if show_existing_frame=1 · 2e991b14
  Ronald S. Bultje authored Oct 24, 2018 and Janne Grunau committed Oct 24, 2018
```
This is identical to what libaom does for such OBUs. It prevents us
from doing block decoding, which doesn't make sense for such OBUs,
and would result in using an uninitialized frame header during the
decoding process. Fixes #94.
```
  2e991b14
- Initialize restoration.type to RESTORATION_NONE for grayscale content · e5baa042
  Ronald S. Bultje authored Oct 24, 2018 and Janne Grunau committed Oct 24, 2018
```
Fixes #89.
```
  e5baa042
23 Oct, 2018 4 commits
- obu: support parsing Redundant Frame Header OBUs · 6e9ca034
  James Almer authored Oct 23, 2018
  
  6e9ca034
- obu: fix parsing of decoder model info bits · 13f3658b
  James Almer authored Oct 23, 2018
```
Working only for the first Operating Point for now.
```
  13f3658b
- Avoid calling get_uniform(max=1) · 5186abdb
  Luc Trudeau authored Oct 18, 2018
```
Calling get_uniform(max=1) results in a read_bits(n=0),
In get_uniform, the n param is renamed to max to clarify the
semantics. Asserts are added to detect calls to get_uniform()
and get_bits() that don't actually read anything.

Closes #76
```
  5186abdb
- Order skipmode references incrementally · 8eed0b67
  Ronald S. Bultje authored Oct 23, 2018 and Jean-Baptiste Kempf committed Oct 23, 2018
```
This is identical to what libaom does. Fixes #65.
```
  8eed0b67
21 Oct, 2018 1 commit
- obu: fix parsing force_integer_mv on frame headers · c9b91bee
  James Almer authored Oct 21, 2018
  
  c9b91bee
20 Oct, 2018 1 commit

obu/tile_group: simplify tile group order to check · 0ba64ee5

Janne Grunau authored Oct 18, 2018 and

Ronald S. Bultje committed Oct 20, 2018

The simplified versions catches tg_start != 0 for the first tile group
too. Fixes a heap-buffer-overflow in setup_tile when the first tile index is
larger than 0 but the number of tiles is correct. Fixes #61, #73.

0ba64ee5

18 Oct, 2018 2 commits

fix skip_mode_params parsing if enable_order_hint == 0 · 6ac49461

Janne Grunau authored Oct 17, 2018 and

Ronald S. Bultje committed Oct 18, 2018

Fix following ubsan error in #68:
../src/env.h:296:24: runtime error: shift exponent -1 is negative
[Detaching after fork from child process 22253]
    #0 0x7ffff76ad6f9 in get_poc_diff /home/janne/src/dav1d/build-usan/../src/env.h:296:24
    #1 0x7ffff76ad6f9 in parse_frame_hdr /home/janne/src/dav1d/build-usan/../src/obu.c:757
    #2 0x7ffff7696491 in dav1d_parse_obus /home/janne/src/dav1d/build-usan/../src/obu.c:1023:20
    #3 0x7ffff7921c7d in dav1d_decode /home/janne/src/dav1d/build-usan/../src/lib.c:193:20
    #4 0x424869 in main /home/janne/src/dav1d/build-usan/../tools/dav1d.c:108:20
    #5 0x7ffff63dfae6 in __libc_start_main (/lib64/libc.so.6+0x21ae6)
    #6 0x403489 in _start (/home/janne/src/dav1d/build-usan/tools/dav1d+0x403489)

I can't reproduce the ubsan error in the issue.

6ac49461

parse obu_size/leb128 as unsigned 32-bit integer · 5b67e1a2
Janne Grunau authored Oct 17, 2018 and Ronald S. Bultje committed Oct 18, 2018
```
Reject out of range values as errors and avoid undefined shifts. Fixes #67.
```
5b67e1a2

13 Oct, 2018 1 commit
- implement non power of 2 tile rows and columns spec compliant · 3e367ef8
  Janne Grunau authored Oct 11, 2018 and Jean-Baptiste Kempf committed Oct 13, 2018
```
Makes the tile parsing code simpler. Fixes a heap buffer overflow with
clusterfuzz-testcase-minimized-dav1d_fuzzer-5726018392817664. Credit to
oss-fuzz.
```
  3e367ef8
11 Oct, 2018 1 commit
- fix input buffer ref leak on tile parse errors · 82d88077
  Janne Grunau authored Oct 09, 2018
```
Seen with clusterfuzz-testcase-minimized-dav1d_fuzzer-5749222154960896,
Credit to OSS-Fuzz.
```
  82d88077
08 Oct, 2018 1 commit
- Reset entropy/reference state after making a fwd_kf visible · 76646c7d
  Ronald S. Bultje authored Oct 06, 2018
```
Fixes #48.
```
  76646c7d
07 Oct, 2018 1 commit

check dav1d_submit_frame() for errors · 31d2a9a3

Janne Grunau authored Oct 05, 2018

Avoids a triggered assert with
david-fuzzing-data:artifacts/crash-f448caf378e250b7eea4fa2d1c3cd7ef4a3211ce.

31d2a9a3

05 Oct, 2018 2 commits
- Reduce code duplication · fc8e06d5
  James Almer authored Oct 05, 2018
```
Signed-off-by: James Almer <jamrial@gmail.com>
```
  fc8e06d5
- fix skipping ref_order_hint in frame headers · c0451c8a
  James Almer authored Oct 05, 2018
```
Fixes parsing of some error_resilient_mode files.
```
  c0451c8a
04 Oct, 2018 3 commits
- fix -Wsign-compare warnings · 2faf1016
  skal authored Oct 02, 2018 and Ronald S. Bultje committed Oct 05, 2018
```
"comparison between signed and unsigned integer expressions"
```
  2faf1016
- parsing: error out when trying to decode a frame without tile data · 1b5d3359
  Janne Grunau authored Oct 03, 2018
```
Replaces an assert with a check and return error. Fixes an assert fail
with crash-ea35702b18cd8c17da7505126eb0e6aa6914f09d.
```
  1b5d3359
- Correctly use dav1d_ prefix for global symbols · 99239678
  Henrik Gramner authored Oct 04, 2018
  
  99239678
03 Oct, 2018 1 commit
- frame header: check for arithmetic underflow in tile data parsing · 914bf584
  Janne Grunau authored Oct 02, 2018
```
Fixes a fuzzing crash with crash-96e2d10fd8effbbcb0c8eedcbe05de50b1582fd2.
```
  914bf584