 14 Dec, 2018 1 commit


Ronald S. Bultje authored
The basic idea is that with intermediates of 19+sign bits and multipliers of 12+sign bits, the intermediates are 19+12=31+sign bits, and adding two of these together can overflow, which is UB in C. These are not valid AV1 streams, but they are codable, and so although we don't particularly care about the pixellevel output for such streams, we do want to prevent triggering UB, since that could be considered a security vulnerability. To resolve this, we clip all multipliers to 11 bit by inverting them: (a * constant_1 + b * constant_2 + 2048) >> 12, where constant_1 < 2048 but constant_2 >= 2048, is identical to: ((a * constant_1 + b * (4096  constant_2) + 2048) >> 12) + b, and 4096  constant_2 < 2048. In other places, where both constants are a multiple of 2, we can reduce the magnitude of both and round/shift by 11 instead of 12. Do this in dct4,8,16,32,64 as well as adst8,16. Also slightly simplify the final phase of idct64_1d by moving the add/sub to before the multiply. The adst4 is rewritten to be shaped like a matrixmultiply, and then use the same idea on all 4 multipliers in the matrix, since the sum of all 4 multipliers is still under 4096 in all cases. Fixes clusterfuzztestcaseminimizeddav1d_fuzzer5709759466962944, credits to ossfuzz. Also fixes #223.

 12 Dec, 2018 2 commits


Janne Grunau authored
Fixes an integer overflow in inv_dct4_1d with clusterfuzztestcasedav1d_fuzzer5634807321591808 and in inv_adst16_1d with clusterfuzztestcasedav1d_fuzzer5761827623927808. Credits to ossfuzz.

Janne Grunau authored
Fixes #220.

 20 Nov, 2018 1 commit


Janne Grunau authored
This does not adjust the AVX2 asm. The asm clips in many places to the required range (16bit signed) for performance reason. No mismatch observed with coefs generated by the forward transform in checkasm in 10 thousand runs.

 28 Sep, 2018 1 commit


Steve Lhomme authored

 25 Sep, 2018 1 commit


Hugo BeauzéeLuyssen authored
They are not valid out of a function in ISO C

 22 Sep, 2018 1 commit


Ronald S. Bultje authored
With minor contributions from:  JeanBaptiste Kempf <jb@videolan.org>  Marvin Scholz <epirat07@gmail.com>  Hugo BeauzéeLuyssen <hugo@videolan.org>
