From 0dc25b86e29e4a2598e3b03c59ee6ed3ee351c6b Mon Sep 17 00:00:00 2001 From: siivonek Date: Sat, 13 Nov 2021 16:44:51 +0200 Subject: [PATCH] Fix invalid memory read. --- src/intra.c | 3 ++- src/search_intra.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/intra.c b/src/intra.c index a53b6be5..aec068c7 100644 --- a/src/intra.c +++ b/src/intra.c @@ -1016,12 +1016,13 @@ static void intra_recon_tb_leaf( // Extra reference lines for use with MRL. Extra lines needed only for left edge. kvz_pixel extra_refs[2 * 128 * MAX_REF_LINE_IDX] = { 0 }; - if (x > 0 && lcu_px.x == 0) { + if (x > 0 && lcu_px.x == 0 && lcu_px.y > 0) { videoframe_t* const frame = state->tile->frame; // Copy ref lines 2 & 3. Line 1 is stored in LCU ref buffers. for (int i = 0; i < MAX_REF_LINE_IDX; ++i) { int height = (LCU_WIDTH >> depth) * 2 + MAX_REF_LINE_IDX; + height = MIN(height, pic_px.y - (y - MAX_REF_LINE_IDX)); kvz_pixels_blit(&frame->rec->y[(y - MAX_REF_LINE_IDX) * frame->rec->stride + x - (1 + i)], &extra_refs[i * 2 * 128], 1, height, diff --git a/src/search_intra.c b/src/search_intra.c index be9f53fb..70c8ec25 100644 --- a/src/search_intra.c +++ b/src/search_intra.c @@ -1056,12 +1056,13 @@ void kvz_search_cu_intra(encoder_state_t * const state, // Extra reference lines for use with MRL. Extra lines needed only for left edge. kvz_pixel extra_refs[2 * 128 * MAX_REF_LINE_IDX] = {0}; - if (x_px > 0 && lcu_px.x == 0) { + if (x_px > 0 && lcu_px.x == 0 && lcu_px.y > 0) { videoframe_t* const frame = state->tile->frame; // Copy extra ref lines, including ref line 1 and top left corner. for (int i = 0; i < MAX_REF_LINE_IDX; ++i) { - int height = (LCU_WIDTH >> depth) * 2 + MAX_REF_LINE_IDX; + int height = (LCU_WIDTH >> depth) * 2 + MAX_REF_LINE_IDX; + height = MIN(height, pic_px.y - (y_px - MAX_REF_LINE_IDX)); kvz_pixels_blit(&frame->rec->y[(y_px - MAX_REF_LINE_IDX) * frame->rec->stride + x_px - (1 + i)], &extra_refs[i * 2 * 128], 1, height,