| Message ID | 20191211220006.1286-1-jamrial@gmail.com |
|---|---|
| State | Accepted |
| Commit | a23dd33606d5a711fd632383d81a1d6c60082e0f |
| Headers | show |
Hi, On Wed, Dec 11, 2019 at 5:00 PM James Almer <jamrial@gmail.com> wrote: > Taking into account the code > > fb(2, ar_coeff_lag); > num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1); > if (current->num_y_points) > num_pos_chroma = num_pos_luma + 1; > else > num_pos_chroma = num_pos_luma; > > Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for > num_pos_chroma 25. > > Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to > num_pos_chroma values. > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavcodec/cbs_av1.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/cbs_av1.h b/libavcodec/cbs_av1.h > index 50a05d2168..643e76793f 100644 > --- a/libavcodec/cbs_av1.h > +++ b/libavcodec/cbs_av1.h > @@ -268,8 +268,8 @@ typedef struct AV1RawFrameHeader { > uint8_t grain_scaling_minus_8; > uint8_t ar_coeff_lag; > uint8_t ar_coeffs_y_plus_128[24]; > - uint8_t ar_coeffs_cb_plus_128[24]; > - uint8_t ar_coeffs_cr_plus_128[24]; > + uint8_t ar_coeffs_cb_plus_128[25]; > + uint8_t ar_coeffs_cr_plus_128[25]; > uint8_t ar_coeff_shift_minus_6; > uint8_t grain_scale_shift; > uint8_t cb_mult; lgtm. Ronald
On Wed, Dec 11, 2019 at 07:00:06PM -0300, James Almer wrote: > Taking into account the code > > fb(2, ar_coeff_lag); > num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1); > if (current->num_y_points) > num_pos_chroma = num_pos_luma + 1; > else > num_pos_chroma = num_pos_luma; > > Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for > num_pos_chroma 25. > > Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to > num_pos_chroma values. > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavcodec/cbs_av1.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) LGTM and i should have realized this when i looked at the fuzzer case thanks [...]
diff --git a/libavcodec/cbs_av1.h b/libavcodec/cbs_av1.h index 50a05d2168..643e76793f 100644 --- a/libavcodec/cbs_av1.h +++ b/libavcodec/cbs_av1.h @@ -268,8 +268,8 @@ typedef struct AV1RawFrameHeader { uint8_t grain_scaling_minus_8; uint8_t ar_coeff_lag; uint8_t ar_coeffs_y_plus_128[24]; - uint8_t ar_coeffs_cb_plus_128[24]; - uint8_t ar_coeffs_cr_plus_128[24]; + uint8_t ar_coeffs_cb_plus_128[25]; + uint8_t ar_coeffs_cr_plus_128[25]; uint8_t ar_coeff_shift_minus_6; uint8_t grain_scale_shift; uint8_t cb_mult;
Taking into account the code fb(2, ar_coeff_lag); num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1); if (current->num_y_points) num_pos_chroma = num_pos_luma + 1; else num_pos_chroma = num_pos_luma; Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for num_pos_chroma 25. Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to num_pos_chroma values. Signed-off-by: James Almer <jamrial@gmail.com> --- libavcodec/cbs_av1.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)