authorJames Zern <jzern@google.com>2020-02-14 17:31:42 -0800
committerJames Zern <jzern@google.com>2020-03-05 04:12:42 +0000
commit354408e4dc134d5df7e0c052b9682812ac1da7a4 (patch)
tree1df6730b7e09ddeccd6f18734e35038d3548a91d
parent829d2f4cbbc8f698d957b22a87e02e2376f635e5 (diff)
external/libvpx: backport GetCoeffs overflow suppression | DO NOT MERGE
0f3fe088f vp8_decode: add missing vpx_clear_system_state 9cfcac1cb vp8,GetSigned: silence unsigned int overflow warning c713f8461 move common attribute defs to compiler_attributes.h https://chromium-review.googlesource.com/c/webm/libvpx/+/2058184 https://chromium-review.googlesource.com/c/webm/libvpx/+/2058198 https://chromium-review.googlesource.com/c/webm/libvpx/+/2058199 Change-Id: I4e632d99a9587ea794588bb99f247d18db52bde9 Test: crosshatch builds Bug: b/148271109 (cherry picked from commit 73b9b5a6dd53ee7d33e51804edd7e59cc8c7c483)
-rw-r--r--README.version3
-rw-r--r--libvpx/examples.mk2
-rw-r--r--libvpx/md5_utils.c14
-rw-r--r--libvpx/test/invalid_file_test.cc1
-rw-r--r--libvpx/test/test-data.mk2
-rw-r--r--libvpx/test/test-data.sha12
-rw-r--r--libvpx/vp8/common/reconintra4x4.c2
-rw-r--r--libvpx/vp8/decoder/detokenize.c6
-rw-r--r--libvpx/vp8/vp8_dx_iface.c1
-rw-r--r--libvpx/vp9/encoder/vp9_pickmode.c2
-rw-r--r--libvpx/vpx_dsp/x86/convolve.h2
-rw-r--r--libvpx/vpx_ports/compiler_attributes.h59
-rw-r--r--libvpx/vpx_ports/mem.h30
-rw-r--r--libvpx/vpx_ports/vpx_ports.mk1
14 files changed, 80 insertions, 47 deletions
diff --git a/README.version b/README.version
index cc2c2a31c..d11ef9a1f 100644
--- a/README.version
+++ b/README.version
@@ -4,3 +4,6 @@ BugComponent: 42195
Owners: johannkoenig
Local Modifications:
652beb6ac trivial: fix spelling errors
+ 0f3fe088f vp8_decode: add missing vpx_clear_system_state
+ 9cfcac1cb vp8,GetSigned: silence unsigned int overflow warning
+ c713f8461 move common attribute defs to compiler_attributes.h
diff --git a/libvpx/examples.mk b/libvpx/examples.mk
index 758ca7f88..a28e52935 100644
--- a/libvpx/examples.mk
+++ b/libvpx/examples.mk
@@ -65,6 +65,7 @@ endif
# while EXAMPLES demonstrate specific portions of the API.
UTILS-$(CONFIG_DECODERS) += vpxdec.c
vpxdec.SRCS += md5_utils.c md5_utils.h
+vpxdec.SRCS += vpx_ports/compiler_attributes.h
vpxdec.SRCS += vpx_ports/mem_ops.h
vpxdec.SRCS += vpx_ports/mem_ops_aligned.h
vpxdec.SRCS += vpx_ports/msvc.h
@@ -167,6 +168,7 @@ decode_to_md5.SRCS += y4minput.c y4minput.h
decode_to_md5.SRCS += tools_common.h tools_common.c
decode_to_md5.SRCS += video_common.h
decode_to_md5.SRCS += video_reader.h video_reader.c
+decode_to_md5.SRCS += vpx_ports/compiler_attributes.h
decode_to_md5.SRCS += vpx_ports/mem_ops.h
decode_to_md5.SRCS += vpx_ports/mem_ops_aligned.h
decode_to_md5.SRCS += vpx_ports/msvc.h
diff --git a/libvpx/md5_utils.c b/libvpx/md5_utils.c
index 9ddb104c8..c4106525f 100644
--- a/libvpx/md5_utils.c
+++ b/libvpx/md5_utils.c
@@ -23,6 +23,7 @@
#include <string.h> /* for memcpy() */
#include "md5_utils.h"
+#include "vpx_ports/compiler_attributes.h"
static void byteSwap(UWORD32 *buf, unsigned words) {
md5byte *p;
@@ -145,17 +146,6 @@ void MD5Final(md5byte digest[16], struct MD5Context *ctx) {
#define MD5STEP(f, w, x, y, z, in, s) \
(w += f(x, y, z) + in, w = (w << s | w >> (32 - s)) + x)
-#if defined(__clang__) && defined(__has_attribute)
-#if __has_attribute(no_sanitize)
-#define VPX_NO_UNSIGNED_OVERFLOW_CHECK \
- __attribute__((no_sanitize("unsigned-integer-overflow")))
-#endif
-#endif
-
-#ifndef VPX_NO_UNSIGNED_OVERFLOW_CHECK
-#define VPX_NO_UNSIGNED_OVERFLOW_CHECK
-#endif
-
/*
* The core of the MD5 algorithm, this alters an existing MD5 hash to
* reflect the addition of 16 longwords of new data. MD5Update blocks
@@ -244,6 +234,4 @@ VPX_NO_UNSIGNED_OVERFLOW_CHECK void MD5Transform(UWORD32 buf[4],
buf[3] += d;
}
-#undef VPX_NO_UNSIGNED_OVERFLOW_CHECK
-
#endif
diff --git a/libvpx/test/invalid_file_test.cc b/libvpx/test/invalid_file_test.cc
index 8fb9859ae..8b1bc56c9 100644
--- a/libvpx/test/invalid_file_test.cc
+++ b/libvpx/test/invalid_file_test.cc
@@ -124,6 +124,7 @@ TEST_P(InvalidFileTest, ReturnCode) { RunTest(); }
#if CONFIG_VP8_DECODER
const DecodeParam kVP8InvalidFileTests[] = {
{ 1, "invalid-bug-1443.ivf" },
+ { 1, "invalid-bug-148271109.ivf" },
{ 1, "invalid-token-partition.ivf" },
{ 1, "invalid-vp80-00-comprehensive-s17661_r01-05_b6-.ivf" },
};
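Review bot: The new `invalid-bug-148271109.ivf` entry in kVP8InvalidFileTests probably guards against a regression only when the test binary is built with a sanitizer that reports unsigned integer overflow (clang's `-fsanitize=unsigned-integer-overflow`, which is not part of `-fsanitize=undefined`). In an ordinary build the wrap is silent, and as far as this hunk shows the return-code comparison would not notice it. A short comment above the entry, e.g. `// Exercises the GetSigned wrap from b/148271109; needs an integer-sanitizer build to be meaningful.`, would tell whoever runs the suite which configuration actually covers the bug.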
diff --git a/libvpx/test/test-data.mk b/libvpx/test/test-data.mk
index 905f0138e..81f035d83 100644
--- a/libvpx/test/test-data.mk
+++ b/libvpx/test/test-data.mk
@@ -737,6 +737,8 @@ endif # CONFIG_VP9_HIGHBITDEPTH
# Invalid files for testing libvpx error checking.
LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-1443.ivf
LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-1443.ivf.res
+LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-148271109.ivf
+LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-bug-148271109.ivf.res
LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-token-partition.ivf
LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-token-partition.ivf.res
LIBVPX_TEST_DATA-$(CONFIG_VP8_DECODER) += invalid-vp80-00-comprehensive-018.ivf.2kf_0x6.ivf
diff --git a/libvpx/test/test-data.sha1 b/libvpx/test/test-data.sha1
index 8f0084c47..dcaea2866 100644
--- a/libvpx/test/test-data.sha1
+++ b/libvpx/test/test-data.sha1
@@ -866,3 +866,5 @@ c62b005a9fd32c36a1b3f67de6840330f9915e34 *invalid-crbug-1562.ivf
f0cd8389948ad16085714d96567612136f6a46c5 *invalid-crbug-1562.ivf.res
bac455906360b45338a16dd626ac5f19bc36a307 *desktop_office1.1280_720-020.yuv
094be4b80fa30bd227149ea16ab6476d549ea092 *slides_code_term_web_plot.1920_1080.yuv
+518a0be998afece76d3df76047d51e256c591ff2 *invalid-bug-148271109.ivf
+d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-bug-148271109.ivf.res
diff --git a/libvpx/vp8/common/reconintra4x4.c b/libvpx/vp8/common/reconintra4x4.c
index 64d33a287..be936df5e 100644
--- a/libvpx/vp8/common/reconintra4x4.c
+++ b/libvpx/vp8/common/reconintra4x4.c
@@ -16,7 +16,7 @@
#include "blockd.h"
#include "reconintra4x4.h"
#include "vp8/common/common.h"
-#include "vpx_ports/mem.h"
+#include "vpx_ports/compiler_attributes.h"
typedef void (*intra_pred_fn)(uint8_t *dst, ptrdiff_t stride,
const uint8_t *above, const uint8_t *left);
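Review bot: Replacing `vpx_ports/mem.h` with `vpx_ports/compiler_attributes.h` assumes this file needs nothing from mem.h beyond the attribute macros that moved. The hunk shows only the include list and the `intra_pred_fn` typedef, so that cannot be confirmed from here. If the file still uses a mem.h macro such as `CAST_TO_BYTEPTR`, it now compiles only through a transitive include and should keep `#include "vpx_ports/mem.h"` next to the new line. The same applies to the include swaps in libvpx/vp9/encoder/vp9_pickmode.c and libvpx/vpx_dsp/x86/convolve.h.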
diff --git a/libvpx/vp8/decoder/detokenize.c b/libvpx/vp8/decoder/detokenize.c
index b350bafbc..1c77873f0 100644
--- a/libvpx/vp8/decoder/detokenize.c
+++ b/libvpx/vp8/decoder/detokenize.c
@@ -11,6 +11,7 @@
#include "vp8/common/blockd.h"
#include "onyxd_int.h"
#include "vpx_mem/vpx_mem.h"
+#include "vpx_ports/compiler_attributes.h"
#include "vpx_ports/mem.h"
#include "detokenize.h"
@@ -52,7 +53,10 @@ static const uint8_t kZigzag[16] = { 0, 1, 4, 8, 5, 2, 3, 6,
/* for const-casting */
typedef const uint8_t (*ProbaArray)[NUM_CTX][NUM_PROBAS];
-static int GetSigned(BOOL_DECODER *br, int value_to_sign) {
+// With corrupt / fuzzed streams the calculation of br->value may overflow. See
+// b/148271109.
+static VPX_NO_UNSIGNED_OVERFLOW_CHECK int GetSigned(BOOL_DECODER *br,
+ int value_to_sign) {
int split = (br->range + 1) >> 1;
VP8_BD_VALUE bigsplit = (VP8_BD_VALUE)split << (VP8_BD_VALUE_SIZE - 8);
int v;
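Review bot: The new comment on GetSigned says the calculation of br->value may overflow but not why that is safe to ignore. The attribute also silences the unsigned-overflow check for the whole function, so any unsigned wrap introduced in GetSigned later would go unreported too. The reference b/148271109 may not be readable by everyone who sees this code, so I would spell the reasoning out, e.g. `// The wrap is unsigned (well defined) and only reachable with corrupt input;` followed by `// the sanitizer check is disabled for this function alone.`, assuming that matches the analysis in the bug. The body of GetSigned continues past the end of the hunk, so whether the wrap could be confined to a single expression cannot be judged from here.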
diff --git a/libvpx/vp8/vp8_dx_iface.c b/libvpx/vp8/vp8_dx_iface.c
index 12e5781f5..9b3698bcd 100644
--- a/libvpx/vp8/vp8_dx_iface.c
+++ b/libvpx/vp8/vp8_dx_iface.c
@@ -456,6 +456,7 @@ static vpx_codec_err_t vp8_decode(vpx_codec_alg_priv_t *ctx,
}
if (setjmp(pbi->common.error.jmp)) {
+ vpx_clear_system_state();
/* We do not know if the missing frame(s) was supposed to update
* any of the reference buffers, but we act conservative and
* mark only the last buffer as corrupted.
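Review bot: The `vpx_clear_system_state()` call added at the top of the `setjmp` error branch has no comment, and its purpose is not evident from the call alone. Presumably the longjmp out of the decode path skips the state reset that the normal path performs, which on x86 could leave x87/MMX state dirty for the caller. If so, a comment such as `/* The longjmp skips the normal-path reset; clear FPU/MMX state before returning. */` would keep the call from being removed later as redundant. vp8_decode starts before and continues after this hunk, so the normal-path call is not visible here.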
diff --git a/libvpx/vp9/encoder/vp9_pickmode.c b/libvpx/vp9/encoder/vp9_pickmode.c
index 9b2e48505..23c943c21 100644
--- a/libvpx/vp9/encoder/vp9_pickmode.c
+++ b/libvpx/vp9/encoder/vp9_pickmode.c
@@ -19,7 +19,7 @@
#include "vpx/vpx_codec.h"
#include "vpx_dsp/vpx_dsp_common.h"
#include "vpx_mem/vpx_mem.h"
-#include "vpx_ports/mem.h"
+#include "vpx_ports/compiler_attributes.h"
#include "vp9/common/vp9_blockd.h"
#include "vp9/common/vp9_common.h"
diff --git a/libvpx/vpx_dsp/x86/convolve.h b/libvpx/vpx_dsp/x86/convolve.h
index 6fd40fef9..c33960055 100644
--- a/libvpx/vpx_dsp/x86/convolve.h
+++ b/libvpx/vpx_dsp/x86/convolve.h
@@ -14,7 +14,7 @@
#include "./vpx_config.h"
#include "vpx/vpx_integer.h"
-#include "vpx_ports/mem.h"
+#include "vpx_ports/compiler_attributes.h"
// TODO(chiyotsai@google.com): Refactor the code here. Currently this is pretty
// hacky and awful to read. Note that there is a filter_x[3] == 128 check in
diff --git a/libvpx/vpx_ports/compiler_attributes.h b/libvpx/vpx_ports/compiler_attributes.h
new file mode 100644
index 000000000..354352016
--- /dev/null
+++ b/libvpx/vpx_ports/compiler_attributes.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2020 The WebM project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef VPX_VPX_PORTS_COMPILER_ATTRIBUTES_H_
+#define VPX_VPX_PORTS_COMPILER_ATTRIBUTES_H_
+
+#if !defined(__has_feature)
+#define __has_feature(x) 0
+#endif // !defined(__has_feature)
+
+#if !defined(__has_attribute)
+#define __has_attribute(x) 0
+#endif // !defined(__has_attribute)
+
+//------------------------------------------------------------------------------
+// Sanitizer attributes.
+
+#if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
+#define VPX_WITH_ASAN 1
+#else
+#define VPX_WITH_ASAN 0
+#endif // __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
+
+#if defined(__clang__) && __has_attribute(no_sanitize)
+#define VPX_NO_UNSIGNED_OVERFLOW_CHECK \
+ __attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+
+#ifndef VPX_NO_UNSIGNED_OVERFLOW_CHECK
+#define VPX_NO_UNSIGNED_OVERFLOW_CHECK
+#endif
+
+//------------------------------------------------------------------------------
+// Variable attributes.
+
+#if __has_attribute(uninitialized)
+// Attribute "uninitialized" disables -ftrivial-auto-var-init=pattern for
+// the specified variable.
+//
+// -ftrivial-auto-var-init is security risk mitigation feature, so attribute
+// should not be used "just in case", but only to fix real performance
+// bottlenecks when other approaches do not work. In general the compiler is
+// quite effective at eliminating unneeded initializations introduced by the
+// flag, e.g. when they are followed by actual initialization by a program.
+// However if compiler optimization fails and code refactoring is hard, the
+// attribute can be used as a workaround.
+#define VPX_UNINITIALIZED __attribute__((uninitialized))
+#else
+#define VPX_UNINITIALIZED
+#endif // __has_attribute(uninitialized)
+
+#endif // VPX_VPX_PORTS_COMPILER_ATTRIBUTES_H_
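Review bot: `VPX_NO_UNSIGNED_OVERFLOW_CHECK` is now available to every file that includes this header, yet unlike `VPX_UNINITIALIZED` further down it carries no usage guidance. The attribute turns off the unsigned-overflow sanitizer check for an entire function, so it can hide unintended wraparound as well as the intended kind. A comment above the definition should limit it to functions whose modular arithmetic is deliberate or shown to be harmless, e.g. `// Disables -fsanitize=unsigned-integer-overflow for a whole function; use only where wraparound is intended and explain why at the use site.` The same comment could state that the macro expands to nothing on compilers other than clang.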
diff --git a/libvpx/vpx_ports/mem.h b/libvpx/vpx_ports/mem.h
index 4e9041304..5eccfe8f5 100644
--- a/libvpx/vpx_ports/mem.h
+++ b/libvpx/vpx_ports/mem.h
@@ -41,34 +41,4 @@
#define CAST_TO_BYTEPTR(x) ((uint8_t *)((uintptr_t)(x)))
#endif // CONFIG_VP9_HIGHBITDEPTH
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif // !defined(__has_feature)
-
-#if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
-#define VPX_WITH_ASAN 1
-#else
-#define VPX_WITH_ASAN 0
-#endif // __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
-
-#if !defined(__has_attribute)
-#define __has_attribute(x) 0
-#endif // !defined(__has_attribute)
-
-#if __has_attribute(uninitialized)
-// Attribute "uninitialized" disables -ftrivial-auto-var-init=pattern for
-// the specified variable.
-//
-// -ftrivial-auto-var-init is security risk mitigation feature, so attribute
-// should not be used "just in case", but only to fix real performance
-// bottlenecks when other approaches do not work. In general the compiler is
-// quite effective at eliminating unneeded initializations introduced by the
-// flag, e.g. when they are followed by actual initialization by a program.
-// However if compiler optimization fails and code refactoring is hard, the
-// attribute can be used as a workaround.
-#define VPX_UNINITIALIZED __attribute__((uninitialized))
-#else
-#define VPX_UNINITIALIZED
-#endif // __has_attribute(uninitialized)
-
#endif // VPX_VPX_PORTS_MEM_H_
diff --git a/libvpx/vpx_ports/vpx_ports.mk b/libvpx/vpx_ports/vpx_ports.mk
index ef17f0ad2..5ce15002c 100644
--- a/libvpx/vpx_ports/vpx_ports.mk
+++ b/libvpx/vpx_ports/vpx_ports.mk
@@ -12,6 +12,7 @@
PORTS_SRCS-yes += vpx_ports.mk
PORTS_SRCS-yes += bitops.h
+PORTS_SRCS-yes += compiler_attributes.h
PORTS_SRCS-yes += mem.h
PORTS_SRCS-yes += msvc.h
PORTS_SRCS-yes += system_state.h