kleopatra999 / webm

Automatically exported from code.google.com/p/webm

Segmentation fault in motion compensation #850

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
PROBLEM
-------

Motion compensation causes a segmentation fault when:

1. The motion vector is 0,0
2. Scaling is being used
3. The reference frame has width a multiple of 8 and height a multiple of 8
4. The block is at the border of the image

EXPLANATION
-----------

The problem seems to be caused by 
vp9/common/vp9_reconinter.c:dec_build_inter_predictors.

There is code that tests to see whether any border extension is required, but 
it is inside the following if statement:

    if (scaled_mv.col || scaled_mv.row ||
        (frame_width & 0x7) || (frame_height & 0x7)) {

For unscaled images, a zero motion vector means that the block is simply copied 
from the previous frame.  However, for scaled images a scaling filter is used 
which has a wider support.  This means that even for zero motion, a filter is 
still applied and this results in the access of illegal memory locations.

PROPOSED FIX
------------

Perhaps the if statement should be changed to:

    if (vp9_is_scaled(sf) || scaled_mv.col || scaled_mv.row ||
        (frame_width & 0x7) || (frame_height & 0x7)) {

Original issue reported on code.google.com by peter.de...@gmail.com on 3 Sep 2014 at 10:36
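The following is an added, simplified model of the guard described in the report, not code from the report or from libvpx. It assumes an 8-tap interpolation filter (3 pixels before, 4 after each output sample) and treats the guard as the only thing standing between the filter and an unextended frame edge; names such as `checks_border_original` and `unguarded_oob_read` are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the decision in dec_build_inter_predictors:
 * the border-extension check is only reached when the guard is true. */
struct mv { int row, col; };

/* Guard as quoted in the issue report. */
static bool checks_border_original(struct mv scaled_mv, int fw, int fh) {
  return scaled_mv.col || scaled_mv.row || (fw & 0x7) || (fh & 0x7);
}

/* Proposed guard: also run the check whenever the reference is scaled. */
static bool checks_border_proposed(bool is_scaled, struct mv scaled_mv, int fw, int fh) {
  return is_scaled || checks_border_original(scaled_mv, fw, fh);
}

/* Does the read footprint leave the reference frame? A plain copy touches only
 * the block; an 8-tap filter (assumed) also reads 3 pixels before and 4 after. */
static bool filter_reads_out_of_bounds(int x0, int y0, int bw, int bh,
                                       int fw, int fh, bool uses_filter) {
  int left = x0, top = y0, right = x0 + bw - 1, bottom = y0 + bh - 1;
  if (uses_filter) { left -= 3; top -= 3; right += 4; bottom += 4; }
  return left < 0 || top < 0 || right >= fw || bottom >= fh;
}

/* True when the predictor would read outside the frame without the
 * border-extension check having run: the crashing scenario. */
static bool unguarded_oob_read(bool is_scaled, struct mv scaled_mv, int x0, int y0,
                               int bw, int bh, int fw, int fh, bool use_proposed_fix) {
  /* Scaling always filters; a non-zero MV is treated as filtering (conservative). */
  bool uses_filter = is_scaled || scaled_mv.col || scaled_mv.row;
  bool guarded = use_proposed_fix ? checks_border_proposed(is_scaled, scaled_mv, fw, fh)
                                  : checks_border_original(scaled_mv, fw, fh);
  return !guarded && filter_reads_out_of_bounds(x0, y0, bw, bh, fw, fh, uses_filter);
}

int main(void) {
  /* Constructed case from the report: scaled reference, zero MV,
   * 64x64 frame (multiples of 8), 8x8 block in the top-left corner. */
  struct mv zero = {0, 0};
  printf("original guard: %s\n",
         unguarded_oob_read(true, zero, 0, 0, 8, 8, 64, 64, false) ? "unguarded OOB read" : "safe");
  printf("proposed guard: %s\n",
         unguarded_oob_read(true, zero, 0, 0, 8, 8, 64, 64, true) ? "unguarded OOB read" : "safe");
  return 0;
}
```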

GoogleCodeExporter commented 9 years ago
Hi, could you attach the video that caused this problem?

Thanks.

Original comment by hku...@google.com on 3 Sep 2014 at 3:13

GoogleCodeExporter commented 9 years ago
The stream that causes this problem is part of Argon Streams VP9 - a commercial 
test suite for VP9, so I am afraid I am not allowed to upload it publicly.  
However, if you let me know your full email address I can send you the file (it 
is only 18kbytes).

Original comment by peter.de...@gmail.com on 4 Sep 2014 at 8:12

GoogleCodeExporter commented 9 years ago

Original comment by ya...@google.com on 9 Sep 2014 at 5:55

GoogleCodeExporter commented 9 years ago
Is #853 related to this too?

Original comment by ya...@google.com on 9 Sep 2014 at 6:00

GoogleCodeExporter commented 9 years ago
I believe they are independent bugs and both need to be fixed to avoid 
segmentation faults.

Original comment by peter.de...@gmail.com on 9 Sep 2014 at 7:19

GoogleCodeExporter commented 9 years ago
Thanks, Peter, I have uploaded your fix here: 
https://gerrit.chromium.org/gerrit/#/c/71649/

Please review. In the meantime, would you please send the problematic stream 
to me via email: yaowu@google.com.

Original comment by ya...@google.com on 24 Sep 2014 at 5:12

GoogleCodeExporter commented 9 years ago
The patch is now merged. 

Original comment by ya...@google.com on 25 Sep 2014 at 4:13