From 6dbf738a43cf2380b9b5cc6fb867b52919ca2a20 Mon Sep 17 00:00:00 2001 From: Jerome Jiang Date: Wed, 19 Dec 2018 11:18:55 -0800 Subject: [PATCH] vp8: kill all threads on corrupted frame. If decoder keeps going, threads will be brought up. BUG=902650,webm:1577 Change-Id: I7765ba134aeed76ec0f58bd05e3a35383e6861c3 --- test/invalid_file_test.cc | 4 ++-- vp8/decoder/decodeframe.c | 4 +++- vp8/decoder/onyxd_if.c | 1 + vp8/vp8_dx_iface.c | 3 +++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/test/invalid_file_test.cc b/test/invalid_file_test.cc index 8eed05eb4..a92612af4 100644 --- a/test/invalid_file_test.cc +++ b/test/invalid_file_test.cc @@ -123,9 +123,9 @@ TEST_P(InvalidFileTest, ReturnCode) { RunTest(); } #if CONFIG_VP8_DECODER const DecodeParam kVP8InvalidFileTests[] = { - { 1, "invalid-bug-1443.ivf" }, + { 1, "invalid-bug-1443-v2.ivf" }, { 1, "invalid-token-partition.ivf" }, - { 1, "invalid-vp80-00-comprehensive-s17661_r01-05_b6-.ivf" }, + { 1, "invalid-vp80-00-comprehensive-s17661_r01-05_b6-.v2.ivf" }, }; VP8_INSTANTIATE_TEST_CASE(InvalidFileTest, diff --git a/vp8/decoder/decodeframe.c b/vp8/decoder/decodeframe.c index f4842ef03..617abf77c 100644 --- a/vp8/decoder/decodeframe.c +++ b/vp8/decoder/decodeframe.c @@ -1220,8 +1220,10 @@ int vp8_decode_frame(VP8D_COMP *pbi) { if (vpx_atomic_load_acquire(&pbi->b_multithreaded_rd) && pc->multi_token_partition != ONE_PARTITION) { unsigned int thread; - if (vp8mt_decode_mb_rows(pbi, xd)) + if (vp8mt_decode_mb_rows(pbi, xd)) { + vp8_decoder_remove_threads(pbi); vpx_internal_error(&pbi->common.error, VPX_CODEC_CORRUPT_FRAME, NULL); + } vp8_yv12_extend_frame_borders(yv12_fb_new); for (thread = 0; thread < pbi->decoding_thread_count; ++thread) { corrupt_tokens |= pbi->mb_row_di[thread].mbd.corrupted; diff --git a/vp8/decoder/onyxd_if.c b/vp8/decoder/onyxd_if.c index 918c68626..e7e1cfc94 100644 --- a/vp8/decoder/onyxd_if.c +++ b/vp8/decoder/onyxd_if.c @@ -428,6 +428,7 @@ int vp8dx_references_buffer(VP8_COMMON *oci, int ref_frame) { } int vp8_create_decoder_instances(struct frame_buffers *fb, VP8D_CONFIG *oxcf) { + if (fb->pbi[0]) remove_decompressor(fb->pbi[0]); /* decoder instance for single thread mode */ fb->pbi[0] = create_decompressor(oxcf); if (!fb->pbi[0]) return VPX_CODEC_ERROR; diff --git a/vp8/vp8_dx_iface.c b/vp8/vp8_dx_iface.c index 6d1c5f595..a72d80505 100644 --- a/vp8/vp8_dx_iface.c +++ b/vp8/vp8_dx_iface.c @@ -439,6 +439,9 @@ static vpx_codec_err_t vp8_decode(vpx_codec_alg_priv_t *ctx, pc->fb_idx_ref_cnt[pc->new_fb_idx]--; } pc->error.setjmp = 0; + ctx->si.w = 0; + ctx->si.h = 0; + ctx->decoder_init = 0; res = update_error_state(ctx, &pbi->common.error); return res; } -- 2.40.0