ericmckean / webm

Automatically exported from code.google.com/p/webm

memory overrun bug in allocate_gf_group_bits #815

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The last line of the for loop at the bottom of the function 
allocate_gf_group_bits() over-runs the array bounds when keyframe interval is > 
50  (vp9_firstpass.c:1488):

 twopass->gf_group_bit_allocation[group_frame_index++] = target_frame_size;

The root cause is that the loop bounds are derived from the variable 
rc->static_scene_max_gf_interval, which is set to key frame interval / 2, but 
gf_group_bit_allocation is statically sized by MAX_LAG_FRAMES * 2 (50). 

Original issue reported on code.google.com by ckra...@google.com on 20 Jun 2014 at 7:11
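The shape of this bug, as an added illustration rather than libvpx code: a fixed-size per-group allocation table is filled by a loop whose bound comes from a runtime parameter (the key frame interval), with no check that the derived bound fits the table. The names, structure and constants below are hypothetical simplifications of what the report describes (a 50-entry table, an interval derived as key frame interval / 2); the only library detail taken from the report is that relationship. The hardened path caps the derived interval at the table size, which is what the later libvpx patch is described as doing, and the fill routine refuses a group length it cannot hold instead of writing past the array.

```c
#include <stdio.h>

/* Hypothetical model of the report, not code from libvpx. */
#define MAX_LAG_FRAMES 25
#define GF_GROUP_SLOTS (MAX_LAG_FRAMES * 2) /* 50 entries, as in the report */

typedef struct {
    int gf_group_bit_allocation[GF_GROUP_SLOTS];
} twopass_t;

/* The derivation the report describes: interval = key frame interval / 2.
   Nothing here ties the result to the size of the table. */
static int derive_gf_interval(int key_frame_interval) {
    return key_frame_interval / 2;
}

/* Hardened step: clamp the derived interval to what the table can hold. */
static int cap_gf_interval(int interval) {
    if (interval < 0) return 0;
    if (interval > GF_GROUP_SLOTS) return GF_GROUP_SLOTS;
    return interval;
}

/* Fills the table for group_len frames. Returns the number of slots written,
   or -1 when group_len would overrun the table; this bounds check is exactly
   what the loop in the report lacks. */
static int allocate_gf_group_bits_checked(twopass_t *tp, int group_len,
                                          int target_frame_size) {
    int group_frame_index = 0;
    int i;
    if (group_len < 0 || group_len > GF_GROUP_SLOTS) return -1;
    for (i = 0; i < group_len; ++i) {
        tp->gf_group_bit_allocation[group_frame_index++] = target_frame_size;
    }
    return group_frame_index;
}

/* Convenience wrapper: derive the loop bound from the key frame interval,
   optionally cap it, and attempt the fill. Returns slots written or -1. */
static int fill_for_keyframe_interval(int key_frame_interval,
                                      int target_frame_size, int use_cap) {
    twopass_t tp = {{0}};
    int interval = derive_gf_interval(key_frame_interval);
    if (use_cap) interval = cap_gf_interval(interval);
    return allocate_gf_group_bits_checked(&tp, interval, target_frame_size);
}

int main(void) {
    /* Constructed sample: a large key frame interval that exceeds the table. */
    int kf = 200;
    printf("derived interval: %d, table size: %d\n", derive_gf_interval(kf),
           GF_GROUP_SLOTS);
    printf("uncapped fill -> %d (rejected)\n", fill_for_keyframe_interval(kf, 100, 0));
    printf("capped fill   -> %d slots\n", fill_for_keyframe_interval(kf, 100, 1));
    return 0;
}
```

The two defences are independent: capping the interval keeps the encoder's group size within the table, and the explicit range check in the fill routine turns any future mismatch between the derivation and the table size into a detectable failure rather than a silent out-of-bounds write.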

GoogleCodeExporter commented 9 years ago
FYI, the attached patch is how I worked around the problem.

Original comment by ckra...@google.com on 23 Jun 2014 at 5:01

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks,
There is a later pending patch which caps rc->static_scene_max_gf_interval.

Original comment by paulwilk...@google.com on 23 Jun 2014 at 7:17

GoogleCodeExporter commented 9 years ago
This should be resolved as part of patch 
I38310daaf23fd906004c0e8ee3e99e15570f84cb

Original comment by paulwilk...@google.com on 24 Jun 2014 at 3:41