witaly.i… via monorail
2018-11-01 07:45:47 UTC
Status: Untriaged
Owner: ----
Labels: Type-Bug Pri-2
Components: libvpx
New issue 1572 by ***@gmail.com: add noise postproc crash
https://bugs.chromium.org/p/webm/issues/detail?id=1572
vpx_setup_noise() corrupts stack on low add noise values
(vp8_postproc_cfg::noise_level = 3 leads to a quick crash with my video
setup). The problem is pretty obvious if you just look at the function in
question, there's no check if we're within char_dist array boundaries.
Here's some sample code showing overrun (it prints 256, 257 and 258, i.e.
it overwrites next var):
    #include <cmath>
    #include <cstdint>   // int8_t
    #include <iostream>

    static double gaussian(double sigma, double mu, double x) {
      return 1 / (sigma * sqrt(2.0 * 3.14159265)) *
             (exp(-(x - mu) * (x - mu) / (2 * sigma * sigma)));
    }

    int vpx_setup_noise(double sigma)
    {
      int8_t char_dist[256];
      int next = 0, i, j;

      // set up a 256 entry lookup that matches gaussian distribution
      for (i = -32; i < 32; ++i) {
        const int a_i = (int)(0.5 + 256 * gaussian(sigma, 0, i));
        if (a_i) {
          for (j = 0; j < a_i; ++j) {
            // print every index that falls outside char_dist instead of writing to it
            if ((next + j) > 255 || (next + j) < 0)
              std::cout << (next + j) << "\n";//char_dist[next + j] = (int8_t)i;
          }
          next = next + j;
        }
      }
      return 0;
    }

    int main()
    {
      vpx_setup_noise(3.25);
      return 0;
    }
--
You received this message because:
1. The project was configured to send all issue notifications to this
address
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
--
You received this message because you are subscribed to the Google Groups "WebM Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webm-discuss+***@webmproject.org.
To post to this group, send email to webm-***@webmproject.org.
Visit this group at https://groups.google.com/a/webmproject.org/group/webm-discuss/.
For more options, visit https://groups.google.com/a/webmproject.org/d/optout.