diff options
-rw-r--r-- | Android.bp | 4 | ||||
-rw-r--r-- | Android.bp.in | 4 | ||||
-rw-r--r-- | README.version | 1 | ||||
-rw-r--r-- | libaom/av1/decoder/obu.c | 5 | ||||
-rw-r--r-- | libaom/test/invalid_file_test.cc | 2 | ||||
-rw-r--r-- | libaom/test/test-data.sha1 | 4 | ||||
-rw-r--r-- | libaom/test/test_data_util.cmake | 4 | ||||
-rw-r--r-- | libaom_blacklist.txt | 4 |
8 files changed, 28 insertions, 0 deletions
diff --git a/Android.bp b/Android.bp index 523bb8c19..3a5ad26cc 100644 --- a/Android.bp +++ b/Android.bp @@ -507,6 +507,10 @@ cc_library_static { }, + sanitize: { + blacklist: "libaom_blacklist.txt", + }, + } cc_fuzz { diff --git a/Android.bp.in b/Android.bp.in index e5851db1e..3d9c5c673 100644 --- a/Android.bp.in +++ b/Android.bp.in @@ -106,6 +106,10 @@ cc_library_static { }, + sanitize: { + blacklist: "libaom_blacklist.txt", + }, + } cc_fuzz { diff --git a/README.version b/README.version index 23b6ba17a..95519e8c3 100644 --- a/README.version +++ b/README.version @@ -4,6 +4,7 @@ Local Modifications: Rename files to avoid object collisions: aom_dsp/x86/highbd_intrapred_sse2.asm aom_dsp/x86/intrapred_sse2.asm + 7ad847ac6 Seq header shouldn't change in the middle of frame Updates to libaom/examples/av1_dec_fuzzer.cc to include the following commits from upstream 139efd2c8 av1_dec_fuzzer: get thread count from 1st byte of frame header adfc4b7f8 av1_dec_fuzzer: Remove fmemopen dependency diff --git a/libaom/av1/decoder/obu.c b/libaom/av1/decoder/obu.c index aaea57270..ac66df56e 100644 --- a/libaom/av1/decoder/obu.c +++ b/libaom/av1/decoder/obu.c @@ -760,6 +760,11 @@ int aom_decode_frame_from_obus(struct AV1Decoder *pbi, const uint8_t *data, case OBU_SEQUENCE_HEADER: decoded_payload_size = read_sequence_header_obu(pbi, &rb); if (cm->error.error_code != AOM_CODEC_OK) return -1; + // The sequence header should not change in the middle of a frame. + if (pbi->sequence_header_changed && pbi->seen_frame_header) { + cm->error.error_code = AOM_CODEC_CORRUPT_FRAME; + return -1; + } break; case OBU_FRAME_HEADER: case OBU_REDUNDANT_FRAME_HEADER: diff --git a/libaom/test/invalid_file_test.cc b/libaom/test/invalid_file_test.cc index 0478c7e5e..2a1c9a975 100644 --- a/libaom/test/invalid_file_test.cc +++ b/libaom/test/invalid_file_test.cc @@ -114,6 +114,8 @@ TEST_P(InvalidFileTest, ReturnCode) { RunTest(); } const DecodeParam kAV1InvalidFileTests[] = { { 1, "invalid-bug-1814.ivf" }, { 1, "invalid-chromium-906381.ivf" }, + { 1, "invalid-google-142530197.ivf" }, + { 1, "invalid-google-142530197-1.ivf" }, { 1, "invalid-oss-fuzz-9288.ivf" }, { 4, "invalid-oss-fuzz-9463.ivf" }, { 1, "invalid-oss-fuzz-9482.ivf" }, diff --git a/libaom/test/test-data.sha1 b/libaom/test/test-data.sha1 index bd6320634..91487e4ba 100644 --- a/libaom/test/test-data.sha1 +++ b/libaom/test/test-data.sha1 @@ -4,6 +4,10 @@ b87815bf86020c592ccc7a846ba2e28ec8043902 *hantro_odd.yuv d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-bug-1814.ivf.res 09aa07e5325b3bb5462182eb30b8ecc914630740 *invalid-chromium-906381.ivf 09d2af8dd22201dd8d48e5dcfcaed281ff9422c7 *invalid-chromium-906381.ivf.res +f7c83c14aa35b928ba8b70f3eaa3b92070be4519 *invalid-google-142530197-1.ivf +d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-google-142530197-1.ivf.res +703c05720d5d67053bcee44987635cd78af2f971 *invalid-google-142530197.ivf +d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-google-142530197.ivf.res fa06784f23751d8c37be94160fb821e855199af4 *invalid-oss-fuzz-10061.ivf b055f06b9a95aaa5697fa26497b592a47843a7c8 *invalid-oss-fuzz-10061.ivf.res c9e06c4c7fb7d69fd635a1f606a5e478d60e99cf *invalid-oss-fuzz-10117-mc-buf-use-highbd.ivf diff --git a/libaom/test/test_data_util.cmake b/libaom/test/test_data_util.cmake index c3c86aa77..69703d6c1 100644 --- a/libaom/test/test_data_util.cmake +++ b/libaom/test/test_data_util.cmake @@ -516,6 +516,10 @@ if(CONFIG_AV1_DECODER) "invalid-bug-1814.ivf.res" "invalid-chromium-906381.ivf" "invalid-chromium-906381.ivf.res" + "invalid-google-142530197-1.ivf" + "invalid-google-142530197-1.ivf.res" + "invalid-google-142530197.ivf" + "invalid-google-142530197.ivf.res" "invalid-oss-fuzz-10061.ivf" "invalid-oss-fuzz-10061.ivf.res" "invalid-oss-fuzz-10117-mc-buf-use-highbd.ivf" diff --git a/libaom_blacklist.txt b/libaom_blacklist.txt new file mode 100644 index 000000000..07b390430 --- /dev/null +++ b/libaom_blacklist.txt @@ -0,0 +1,4 @@ +[cfi] +# libaom/av1/common/reconintra.c: indirect call to assembly code on x86/x86_64 platform +fun:dr_predictor +fun:build_intra_predictors |