diff options
author | Marco Paniconi <marpan@google.com> | 2022-11-28 14:25:08 -0800 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2023-01-20 14:55:01 +0000 |
commit | ba1eefbb033bd01f5d3fc5b3b26d707f28355204 (patch) | |
tree | 32387b4a9ee4089b25b1e2086d0456116265316d | |
parent | 2d32104d812ef4497878bcb31b5d3dd32ba5cfdb (diff) | |
download | qtwebengine-chromium-ba1eefbb033bd01f5d3fc5b3b26d707f28355204.tar.gz |
[Backport] Security bug 1393384
Manual backport of patch originally submitted on
https://aomedia-review.googlesource.com/c/aom/+/167662:
rtc: Avoid scene detection on resize
Don't enter scene detection under external resize.
Add rc->prev_coded_width/height to track the
previous encoded frame eweight/height.
The rc is part of layer context so this will be
per spatial layer for SVC.
This fixes the buffer overflow issue below.
Bug: chromium:1393384
Change-Id: I4b11818a27c439c2d2c42036dff7b8777f70a86e
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/450082
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.c | 12 | ||||
-rw-r--r-- | chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.h | 3 |
2 files changed, 13 insertions, 2 deletions
diff --git a/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.c b/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.c index afc801eb31a..8cb99628c8e 100644 --- a/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.c +++ b/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.c @@ -1843,6 +1843,8 @@ void av1_rc_postencode_update(AV1_COMP *cpi, uint64_t bytes_used) { update_golden_frame_stats(cpi); if (current_frame->frame_type == KEY_FRAME) rc->frames_since_key = 0; + rc->prev_coded_width = cm->width; + rc->prev_coded_height = cm->height; // if (current_frame->frame_number == 1 && cm->show_frame) /* rc->this_frame_target = @@ -1858,6 +1860,8 @@ void av1_rc_postencode_update_drop_frame(AV1_COMP *cpi) { cpi->rc.frames_to_key--; cpi->rc.rc_2_frame = 0; cpi->rc.rc_1_frame = 0; + cpi->rc.prev_coded_width = cpi->common.width; + cpi->rc.prev_coded_height = cpi->common.height; } int av1_find_qindex(double desired_q, aom_bit_depth_t bit_depth, @@ -2598,8 +2602,12 @@ void av1_get_one_pass_rt_params(AV1_COMP *cpi, } } // Check for scene change, for non-SVC for now. - if (!cpi->use_svc && cpi->sf.rt_sf.check_scene_detection) - rc_scene_detection_onepass_rt(cpi); + if (!cpi->use_svc && cpi->sf.rt_sf.check_scene_detection) { + if (rc->prev_coded_width == cm->width && + rc->prev_coded_height == cm->height) { + rc_scene_detection_onepass_rt(cpi); + } + } // Check for dynamic resize, for single spatial layer for now. // For temporal layers only check on base temporal layer. if (cpi->oxcf.resize_cfg.resize_mode == RESIZE_DYNAMIC) { diff --git a/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.h b/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.h index 7f26f388374..65aa91f806c 100644 --- a/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.h +++ b/chromium/third_party/libaom/source/libaom/av1/encoder/ratectrl.h @@ -298,6 +298,9 @@ typedef struct { int resize_buffer_underflow; int resize_count; /*!\endcond */ + + int prev_coded_width; + int prev_coded_height; } RATE_CONTROL; /*!\cond */ |