GitLab

This version now includes clang.

This code originally looked like "assert (init_bit_pos % 8 == 0)" and
I changed it to use "& 7" to match the prevaling style. Unfortunately,
"&" binds more weakly than "==". Oops!

Rupert Swarbrick authored Oct 17, 2018 and Ronald S. Bultje committed Nov 14, 2018

This fixes failures when an OBU has more than a byte's worth of
trailing zeros.

As part of this work, it also rejigs the dav1d_flush_get_bits function
slightly. This worked before, but it wasn't very obvious why (it
worked because bits_left was never more than 7). This patch renames it
to dav1d_bytealign_get_bits, which makes it clearer what it does and
adds a comment explaining why it works properly.

The new dav1d_bytealign_get_bits is also now void (rather than
returning the next byte to read). The patch defines
dav1d_get_bits_pos, which returns the current bit position. This feels
a little easier to reason about.

We also add a new check to make sure that we haven't fallen off the
end of the OBU. This can happen when a byte buffer contains more than
one OBU: the GetBits might not have got to EOF, but we might now be
half-way through the next OBU.

Rupert Swarbrick authored Oct 17, 2018 and Ronald S. Bultje committed Nov 14, 2018

See section 5.9.12 of the AV1 spec. The flag controlling U and V share
a quantization level wasn't being read.

boyuanxiao-argondesign authored Oct 15, 2018 and Ronald S. Bultje committed Nov 14, 2018

The previous code raised an error if !segmentation.update_map but the
reference frame didn't yield any segmentation data. (The first "goto
error" that the patch removes happens if the reference frame was the
right size but had no segmentation data; the second happens if the
reference frame was the wrong size).

This doesn't match the logic in the description of
load_previous_segment_ids in section 6.8.2 of the spec.

This patch allows such streams, allocating and zeroing cur_segmap in
this case. It is still an error for a stream to signal a temporal
update but not to have valid segmentation data from the ref frame -
that's the error case that the patch puts back in.

boyuanxiao-argondesign authored Oct 15, 2018 and Ronald S. Bultje committed Nov 14, 2018

The first memset is dead code: if primary_ref_frame is
PRIMARY_REF_NONE then segmentation.update_data is always true. The
patch removes this memset and explains why the copy in the other
branch is correct.

The second memset should always fire: if segmentation is not enabled
for this frame, the seg_data structure should be set to zero rather
than copied from a reference frame (see section 5.9.14 of the AV1
spec).

Ronald S. Bultje authored Nov 13, 2018 and Janne Grunau committed Nov 14, 2018

Fixes #166.

Fixes a heap buffer overflow in emu_edge_c with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5089954858795008 if the
reference frame is smaller than the current frame. Credits to oss-fuzz.

Janne Grunau authored Nov 14, 2018 and Ronald S. Bultje committed Nov 14, 2018

Fixes undefined shifts in put_bilin_scaled_c with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5732654503165952. Credits
to oss-fuzz.

Fixes a heap buffer overflow with high bit depth scaled reference frames
in clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5652139771166720.
Credits to oss-fuzz.

Fixes #121.

Fixes decoding of keyframe in #121.

Seen with clusterfuzz-testcase-minimized-dav1d_fuzzer-5712042518904832.

This is used in z2 to limit the number of pixels over which the
filter is applied, as per "numPx" in 7.11.2.4 point 4 in the AV1
specification. This only applies to z2, because in z1/3, the edge
filter is (incomprehensibly) lengtened by the opposite side's edge
length, which undoes the limit on the filter length (like a bug
undoing another bug).

I admit the code is getting rather complex, so we may want to
redesign this to make writing SIMD easier.

Apparently this can happen for bitdepth > 8. I haven't seen it
happen for bitdepth==8. Fixes #161.

Steve Lhomme authored Nov 09, 2018 and Janne Grunau committed Nov 12, 2018

Since we return EAGAIN it's better if include the file that has it.

The mstride == 0, mstride == 1, and mstride == w cases are very different
from each other, and splitting them into separate functions makes it easier
top optimize them.

Also add some further optimizations to the AVX2 asm that became possible
after this change.

Fixes an error introduced in 22d3b6d9 (!294).
Fixes an use of uninitialized value in loop_filter_v_sb128y_c with
clusterfuzz-testcase-minimized-dav1d_fuzzer-5682084585144320. The
original sample in 22d3b6d9
clusterfuzz-testcase-minimized-dav1d_fuzzer-5691087507685376 shows no
regression. Credits to oss-fuzz.

Mirrors what we do for GCC.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

This compiler version is still shipped with the latest version of
some distros, like RHEL/CentOS, sadly.

This implementation requires on the __atomic functions.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

Fixes an use-of-uninitialized-value in decode_b() with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5674585370918912. Credits
to oss-fuzz.

Take the maximal number of tile rows and columns (each 64) into account.
Reduces size of Av1FrameHeader from 9588 to 1648 bytes on x86_64
according to pahole.
Refs #156.

Fixes #154, index out of bounds in decode_b() with
clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5750775674830848. Credits
to oss-fuzz.

Also clear refpoc[] for intrabc frames. Fixes #146.

This changes sequence header parsing so that we no longer reset
c->have_seq_hdr to 0 if parsing of the most recent sequence header
failed. Rather, we will just continue with the old sequence header
and test any future sequence headers against this. This may help
error resilience in streams that periodically re-send their sequence
header.

Fixes #132, use of uninitilized value in dav1d_loopfilter_sbrow_16bpc
with clusterfuzz-testcase-minimized-dav1d_fuzzer-5734861545930752.
Credits to oss-fuzz and Tyson Smith.

Also reduce scope of tables to inside the function where they are used.

Fixes regression introduced in e3b5d4d0.