ref: b9a43c60954a5ca338febf252a1abbed2cd9e4d0
parent: 5e8eccf283bafe4663c44379473b4c7660154e2c
author: Luc Trudeau <[email protected]>
date: Thu Nov 21 11:48:00 EST 2019
Avoid adding offsets to NULL pointers

Applying a non-zero offset to a NULL pointer is undefined behavior.
--- a/src/decode.c
+++ b/src/decode.c
@@ -524,6 +524,7 @@
{
int have_top = i > first;
+ assert(pal_idx);
pal_idx += first + (i - first) * stride;
for (int j = first, n = 0; j >= last; have_top = 1, j--, n++, pal_idx += stride - 1) {
const int have_left = j > 0;
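Review bot: The assert placed before `pal_idx += first + (i - first) * stride;` is compiled out under NDEBUG, so release builds still depend on the caller never passing NULL here; the actual guarantee comes from the tile-setup hunks that leave ts->frame_thread.pal_idx NULL only when frame threading is off, and the assert documents that precondition rather than enforcing it. A short comment would make that intent visible to the next reader, e.g. `assert(pal_idx); /* offsetting NULL below is UB; caller must pass a real buffer */`. The same remark applies to the asserts added at decode.c:587, 1127 and 1140 and at recon_tmpl.c:680, 1150 and 1347. The enclosing function's signature and the remainder of its body lie outside this hunk.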
@@ -586,6 +587,7 @@
{
Dav1dTileState *const ts = t->ts;
const ptrdiff_t stride = bw4 * 4;
+ assert(pal_idx);
pal_idx[0] = dav1d_msac_decode_uniform(&ts->msac, b->pal_sz[pl]);
uint16_t (*const color_map_cdf)[8] =
ts->cdf.m.color_map[pl][b->pal_sz[pl] - 2];
@@ -1125,6 +1127,7 @@
if (b->pal_sz[0]) {
uint8_t *pal_idx;
if (f->frame_thread.pass) {
+ assert(ts->frame_thread.pal_idx);
pal_idx = ts->frame_thread.pal_idx;
ts->frame_thread.pal_idx += bw4 * bh4 * 16;
} else
@@ -1137,6 +1140,7 @@
if (has_chroma && b->pal_sz[1]) {
uint8_t *pal_idx;
if (f->frame_thread.pass) {
+ assert(ts->frame_thread.pal_idx);
pal_idx = ts->frame_thread.pal_idx;
ts->frame_thread.pal_idx += cbw4 * cbh4 * 16;
} else
@@ -2322,10 +2326,15 @@
const int sb_shift = f->sb_shift;
const uint8_t *const size_mul = ss_size_mul[f->cur.p.layout];
- ts->frame_thread.pal_idx =
- &f->frame_thread.pal_idx[(size_t)tile_start_off * size_mul[1] / 4];
- ts->frame_thread.cf = (uint8_t*)f->frame_thread.cf +
- (((size_t)tile_start_off * size_mul[0]) >> !f->seq_hdr->hbd);
+ ts->frame_thread.pal_idx = f->frame_thread.pal_idx ?
+ &f->frame_thread.pal_idx[(size_t)tile_start_off * size_mul[1] / 4] :
+ NULL;
+
+ ts->frame_thread.cf = f->frame_thread.cf ?
+ (uint8_t*)f->frame_thread.cf +
+ (((size_t)tile_start_off * size_mul[0]) >> !f->seq_hdr->hbd) :
+ NULL;
+
dav1d_cdf_thread_copy(&ts->cdf, &f->in_cdf);
ts->last_qidx = f->frame_hdr->quant.yac;
memset(ts->last_delta_lf, 0, sizeof(ts->last_delta_lf));
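Review bot: The NULL-guarded offset computation for ts->frame_thread.pal_idx and ts->frame_thread.cf is now written out twice, here and again in the per-tile loop at decode.c:3119, with the two copies differing only in where tile_start_off is cast to size_t; a small static helper taking the base pointer and a byte offset would keep the two sites in step and leave a single expression to audit for the NULL case. This is a point of style, as the new code is correct as written. The sketch below assumes f->frame_thread.pal_idx and f->frame_thread.cf are non-const pointers, which the existing assignments suggest but the hunk does not show. The enclosing function begins before this hunk.
```c
/* Offsets a frame-thread base pointer by off bytes; a NULL base (frame
 * threading disabled) yields NULL without performing any pointer arithmetic. */
static inline void *frame_thread_ptr(void *const base, const size_t off) {
    return base ? (uint8_t *) base + off : NULL;
}

/* … unchanged: tile setup up to size_mul … */
    ts->frame_thread.pal_idx =
        frame_thread_ptr(f->frame_thread.pal_idx,
                         (size_t) tile_start_off * size_mul[1] / 4);
    ts->frame_thread.cf =
        frame_thread_ptr(f->frame_thread.cf,
                         ((size_t) tile_start_off * size_mul[0]) >> !f->seq_hdr->hbd);
/* … unchanged: dav1d_cdf_thread_copy and the rest of the tile setup … */
```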
@@ -3110,12 +3119,18 @@
tile_idx++)
{
Dav1dTileState *const ts = &f->ts[tile_idx];
- const int tile_start_off = f->frame_thread.tile_start_off[tile_idx];
- ts->frame_thread.pal_idx = &f->frame_thread.pal_idx[tile_start_off * size_mul[1] / 4];
- ts->frame_thread.cf = (uint8_t*)f->frame_thread.cf +
- ((tile_start_off * size_mul[0]) >> !f->seq_hdr->hbd);
+ const size_t tile_start_off =
+ (size_t) f->frame_thread.tile_start_off[tile_idx];
+ ts->frame_thread.pal_idx = f->frame_thread.pal_idx ?
+ &f->frame_thread.pal_idx[tile_start_off * size_mul[1] / 4] :
+ NULL;
+ ts->frame_thread.cf = f->frame_thread.cf ?
+ (uint8_t*)f->frame_thread.cf +
+ ((tile_start_off * size_mul[0]) >> !f->seq_hdr->hbd) :
+ NULL;
if (f->n_tc > 0) {
- unsigned row_sb_start = f->frame_hdr->tiling.row_start_sb[ts->tiling.row];
+ const unsigned row_sb_start =
+ f->frame_hdr->tiling.row_start_sb[ts->tiling.row];
atomic_init(&ts->progress, row_sb_start);
}
}
--- a/src/recon_tmpl.c
+++ b/src/recon_tmpl.c
@@ -680,6 +680,7 @@
struct CodedBlockInfo *cbi;
if (f->frame_thread.pass) {
+ assert(ts->frame_thread.cf);
cf = ts->frame_thread.cf;
ts->frame_thread.cf += imin(t_dim->w, 8) * imin(t_dim->h, 8) * 16;
cbi = &f->frame_thread.cbi[t->by * f->b4_stride + t->bx];
@@ -1149,6 +1150,7 @@
4 * (t->by * PXSTRIDE(f->cur.stride[0]) + t->bx);
const uint8_t *pal_idx;
if (f->frame_thread.pass) {
+ assert(ts->frame_thread.pal_idx);
pal_idx = ts->frame_thread.pal_idx;
ts->frame_thread.pal_idx += bw4 * bh4 * 16;
} else {
@@ -1345,6 +1347,7 @@
const uint16_t (*pal)[8];
const uint8_t *pal_idx;
if (f->frame_thread.pass) {
+ assert(ts->frame_thread.pal_idx);
pal = f->frame_thread.pal[((t->by >> 1) + (t->bx & 1)) * (f->b4_stride >> 1) +
((t->bx >> 1) + (t->by & 1))];
pal_idx = ts->frame_thread.pal_idx;