When mb qp delta is not signalled due to cbp being zero,
mb qp delta ctxt is not being reset. This is causing bitstream
decode problems when mb qp is enabled
When the i frame interval is larger than idr frame interval, bitrate
deviations are seen in bitstream.
Forced idr_interval to be a multiple of I frame interval.
When IDR frame is skipped due to VBV constraints, the frame
number should not be reset. Since it was reset earlier, it
was leading to bistream being not decodable in such a case.
Restore frame_num during idr skip.
In frame drop mode, the stream generated is non-compliant.
For now disable frame drop mode.
Bug: oss-fuzz-61202
Bug: oss-fuzz-59598
Test: ./avc_enc_fuzzer
Change-Id: Ifed950082ae2c6e70d6a7da4547b6ffeb44cf759
During bitstream overflow errors, it is possible that update post
enc gets skipped as last row might never have to be entropy coded
as we have already consumed the buffer. This can be fatal for
encoding further frames. Move this update to a location where it
is guaranteed to be updated
Bug: oss-fuzz-62378
Test: ./avc_enc_fuzzer
Change-Id: I279deb1f30c15c057c0b6e909834313a1df4fdac
As bitstream overflow errors are not marked as fatal errors and
these recons are being used for reference, its best to return
the partial encoded buffers for application
Change-Id: I30a8e9907cf42d3bc883ee78b28cbae723bad7ac
During entropy error, even though the bitstream buffer is not written
with additional bytes, the bitstream context state is getting updated.
As the number of bits left in current word is updated, the get_num_bits
used for computing header and texture bits can become negative causing
overflow errors
Change-Id: I2f990071a9935b2ee328dbd3915dfbefccbab4c5
At the end of encoding of a frame, the entropy thread communicates
the encoded bit stream size to rc module for update. After this
update, if rc decides to skip the frame due to vbv overflow, the
bitstream context is reset and frame is marked for skip.
Due to an oversight, if entropy encoding sees an error, then this
update is happening at the end of each row. Now rc has decided to
skip the frame and the context is reset. As the bitstream context is
reset, other threads are unaware of this problem and continue encoding.
This is causing issues.
Restrict the rc update to the thread that entropy code the last row.
Bug: oss-fuzz:59543
Bug: 285891354
Test: avc_enc_fuzzer
Change-Id: If45a5f34abb59ece812733af8f54f72ae5474d03
[x] For certain sequences of modification_of_pic_nums_idc,
OOB accessses of the aps_mod_dpb buffer within mvc_dpb_manager_t
struct could occur. This case has been now detected
and handled.
[x] Removed unused variables in 'imvcd_slice_functions.c'.
Test: mvc_dec_fuzzer
A 'consumption ratio' is computed fr every MB when
in-frame RC is enabled. This computation can result in
divide-by-zeros in certain circumstances. Such cases
are now appropriately handled.
Bug: ossFuzz:60828
Test: svc_enc_fuzzer
During encoding, if encoder encounters an error, the library returns the
same. If the application ignores it and feeds further input, library
while processing the new input is facing a null dereference.
1. Added a error check in encode API call before processing input
2. Made entropy bitstream buffer overflow errors non-fatal.
Bug: 187499509
Test: POC in bug descriptions
atest VtsHalMediaC2V1_0TargetVideoEncTest
atest -c CtsMediaV2TestCases:CodecEncoderTest
The worst case FGC SEI payload size in cojunction with the worst
case sizes of other NALU's can be significantly larger than the
default bitstream buffer size of 256000. It is now set to the sum
of 256000 and MAX_FGC_SEI_SIZE.
Bug: ossFuzz:58190
Test: mvc_dec_fuzzer
In some cases, s_inp_buf and s_out_buf on stack in ih264e_encode()
can be accessed unininitialized. This is fixed by initializing these
two structures.
Bug: oss-fuzz:57333
Bug: 274906999
Test: avc_enc_fuzzer
The ILP MV struct pointer will be set to NULL for I slices and
for spatial layer ID 0. A NULL check ought to be used in all places
that access this pointer. This was missing in 2 places and has been
added.
Test: svc_enc_fuzzer
RC uses int32_t for storing multiple quantities related to
bits in a given period.
'isvce_svc_frame_params_validate' has been added, which queries
RC API for the relevant quantities and returns with and error
if computations involving those quantities exceed INT32_MAX.
Bug: 274221347
Bug: 274265498
Test: svc_enc_fuzzer
Using incorrect stride during copy from source buffer to intermediate buffer. This is corrected
Bug: 242379731
Bug: 242386193
Test: avcenc -c enc.cfg
Change-Id: I307525906ee6f6df5d8e114ebbafa40d6442662d
(cherry picked from commit 0a87a34fccffe15c2cc80670cf1058e7a3313c6a)
Merged-In: I307525906ee6f6df5d8e114ebbafa40d6442662d
If 'u4_strm_buf_offset < 4' when 'isvce_cabac_flush' is called,
then EPB could not have been inserted into the stream buffer.
BUG = ossfuzz:56816
Test: svc_enc_fuzzer