shithub: libvpx

Download patch

ref: 31fa91b4cdb86647092bcb2fc55d1b478362887e
parent: 8dc6f353c6d04329cf59529f41a6f46d9dbfcafa
author: Vitaly Buka <vitalybuka@chromium.org>
date: Thu Apr 16 18:17:23 EDT 2020

Move index check before array access

This lets us run code with -fsanitize=bounds.

Bug: b/15471229

Change-Id: I5961ef43d21f04a0dc9e8bf7280dc27eb0a62094

--- a/vp9/encoder/vp9_encodeframe.c
+++ b/vp9/encoder/vp9_encodeframe.c
@@ -3766,9 +3766,6 @@
 static int get_rdmult_delta(VP9_COMP *cpi, BLOCK_SIZE bsize, int mi_row,
                             int mi_col, int orig_rdmult) {
   const int gf_group_index = cpi->twopass.gf_group.index;
-  TplDepFrame *tpl_frame = &cpi->tpl_stats[gf_group_index];
-  TplDepStats *tpl_stats = tpl_frame->tpl_stats_ptr;
-  int tpl_stride = tpl_frame->stride;
   int64_t intra_cost = 0;
   int64_t mc_dep_cost = 0;
   int mi_wide = num_8x8_blocks_wide_lookup[bsize];
@@ -3779,11 +3776,18 @@
   int count = 0;
   double r0, rk, beta;
 
+  TplDepFrame *tpl_frame;
+  TplDepStats *tpl_stats;
+  int tpl_stride;
+
+  if (gf_group_index >= MAX_ARF_GOP_SIZE) return orig_rdmult;
+  tpl_frame = &cpi->tpl_stats[gf_group_index];
+
   if (tpl_frame->is_valid == 0) return orig_rdmult;
+  tpl_stats = tpl_frame->tpl_stats_ptr;
+  tpl_stride = tpl_frame->stride;
 
   if (cpi->twopass.gf_group.layer_depth[gf_group_index] > 1) return orig_rdmult;
-
-  if (gf_group_index >= MAX_ARF_GOP_SIZE) return orig_rdmult;
 
   for (row = mi_row; row < mi_row + mi_high; ++row) {
     for (col = mi_col; col < mi_col + mi_wide; ++col) {