ref: 2b39cfb01288bf775281c8ae1a446ec4011bc887
parent: 790dd3538cf7d06bbd3112f3299b6a7c438bb2b4
author: Janne Grunau <janne-vlc@jannau.net>
date: Thu Nov 22 08:26:04 EST 2018
film_grain: round subsampled width/height up Fixes #183. Fixes use of uninitialized data in apply_to_row_uv with odd width in clusterfuzz-testcase-minimized-dav1d_fuzzer-5684823666982912. Credits to oss-fuzz.
--- a/src/film_grain_tmpl.c
+++ b/src/film_grain_tmpl.c
@@ -367,9 +367,9 @@
pixel *const luma_row = (pixel *) out->data[0] + PXSTRIDE(out->stride[0]) * row_num * BLOCK_SIZE;
// edge extend source pixels
- const int row_len = ((out->p.w >> sx) + (BLOCK_SIZE >> sx) - 1)
+ const int row_len = (((out->p.w + sx) >> sx) + (BLOCK_SIZE >> sx) - 1)
& ~((BLOCK_SIZE >> sx) - 1);
- for (int x = out->p.w >> sx; x < row_len; x++) {+ for (int x = (out->p.w + sx) >> sx; x < row_len; x++) { for (int y = 0; y < BLOCK_SIZE >> sy; y++) {pixel *src = src_row + y * PXSTRIDE(stride) + x;
*src = 0;
@@ -377,7 +377,7 @@
}
const int row_h = (row_num + 1) * (BLOCK_SIZE >> sy);
- for (int y = out->p.h >> sy; y < row_h; y++)
+ for (int y = (out->p.h + sy) >> sy; y < row_h; y++)
memset((pixel *) in->data[1 + uv] + PXSTRIDE(stride) * y, 0, row_len * sizeof(pixel));
int offsets[2 /* col offset */][2 /* row offset */];