47 lines
1.4 KiB
Diff
47 lines
1.4 KiB
Diff
From 0a68a93729ab879251ad63f833a327d20dbbbc23 Mon Sep 17 00:00:00 2001
|
|
From: Wan-Teh Chang <wtc@google.com>
|
|
Date: Fri, 12 Apr 2024 15:48:04 -0700
|
|
Subject: [PATCH 3/3] Fix a bug in alloc_size for high bit depths
|
|
|
|
I introduced this bug in commit 2e32276:
|
|
https://chromium-review.googlesource.com/c/webm/libvpx/+/5446333
|
|
|
|
I changed the line
|
|
|
|
stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
|
|
|
|
to three lines:
|
|
|
|
s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
|
|
if (s > INT_MAX) goto fail;
|
|
stride_in_bytes = (int)s;
|
|
|
|
But I didn't realize that `s` is used later in the calculation of
|
|
alloc_size.
|
|
|
|
As a quick fix, undo the effect of s * 2 for high bit depths after `s`
|
|
has been assigned to stride_in_bytes.
|
|
|
|
Bug: chromium:332382766
|
|
Change-Id: I53fbf405555645ab1d7254d31aadabe4f426be8c
|
|
(cherry picked from commit 74c70af01667733483dc69298b8921779f5f6ff3)
|
|
---
|
|
vpx/src/vpx_image.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/vpx/src/vpx_image.c b/vpx/src/vpx_image.c
|
|
index 0c84562ae..38d4c1ce3 100644
|
|
--- a/vpx/src/vpx_image.c
|
|
+++ b/vpx/src/vpx_image.c
|
|
@@ -97,6 +97,7 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
|
|
s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1);
|
|
if (s > INT_MAX) goto fail;
|
|
stride_in_bytes = (int)s;
|
|
+ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s / 2 : s;
|
|
|
|
/* Allocate the new image */
|
|
if (!img) {
|
|
--
|
|
2.45.2
|
|
|