shithub: libvpx

Download patch

ref: 8a800b52eaee33e71aba7fb59118dcf14ac1dd1c
parent: 9012ebc269c789586ca33d9a771df134de4a2c6a
author: Jerome Jiang <jianj@google.com>
date: Wed May 1 07:51:26 EDT 2019 

vp8: clamp uv mv after calculation.

BUG=oss-fuzz:14478

Change-Id: Ia978a1e7829bf486681385cd715ed0b50fe3b072


--- a/vp8/common/reconinter.c
+++ b/vp8/common/reconinter.c
@@ -333,6 +333,13 @@
   _16x16mv.as_mv.row &= x->fullpixel_mask;
   _16x16mv.as_mv.col &= x->fullpixel_mask;
 
+  if (2 * _16x16mv.as_mv.col < (x->mb_to_left_edge - (19 << 3)) ||
+      2 * _16x16mv.as_mv.col > x->mb_to_right_edge + (18 << 3) ||
+      2 * _16x16mv.as_mv.row < (x->mb_to_top_edge - (19 << 3)) ||
+      2 * _16x16mv.as_mv.row > x->mb_to_bottom_edge + (18 << 3)) {
+    return;
+  }
+
   pre_stride >>= 1;
   offset = (_16x16mv.as_mv.row >> 3) * pre_stride + (_16x16mv.as_mv.col >> 3);
   uptr = x->pre.u_buffer + offset;