ref: 31fa91b4cdb86647092bcb2fc55d1b478362887e
parent: 8dc6f353c6d04329cf59529f41a6f46d9dbfcafa
author: Vitaly Buka <vitalybuka@chromium.org>
date: Thu Apr 16 18:17:23 EDT 2020
Move index check before array access This lets us run code with -fsanitize=bounds. Bug: b/15471229 Change-Id: I5961ef43d21f04a0dc9e8bf7280dc27eb0a62094
--- a/vp9/encoder/vp9_encodeframe.c
+++ b/vp9/encoder/vp9_encodeframe.c
@@ -3766,9 +3766,6 @@
static int get_rdmult_delta(VP9_COMP *cpi, BLOCK_SIZE bsize, int mi_row,
int mi_col, int orig_rdmult) {const int gf_group_index = cpi->twopass.gf_group.index;
- TplDepFrame *tpl_frame = &cpi->tpl_stats[gf_group_index];
- TplDepStats *tpl_stats = tpl_frame->tpl_stats_ptr;
- int tpl_stride = tpl_frame->stride;
int64_t intra_cost = 0;
int64_t mc_dep_cost = 0;
int mi_wide = num_8x8_blocks_wide_lookup[bsize];
@@ -3779,11 +3776,18 @@
int count = 0;
double r0, rk, beta;
+ TplDepFrame *tpl_frame;
+ TplDepStats *tpl_stats;
+ int tpl_stride;
+
+ if (gf_group_index >= MAX_ARF_GOP_SIZE) return orig_rdmult;
+ tpl_frame = &cpi->tpl_stats[gf_group_index];
+
if (tpl_frame->is_valid == 0) return orig_rdmult;
+ tpl_stats = tpl_frame->tpl_stats_ptr;
+ tpl_stride = tpl_frame->stride;
if (cpi->twopass.gf_group.layer_depth[gf_group_index] > 1) return orig_rdmult;
-
- if (gf_group_index >= MAX_ARF_GOP_SIZE) return orig_rdmult;
for (row = mi_row; row < mi_row + mi_high; ++row) { for (col = mi_col; col < mi_col + mi_wide; ++col) {