ref: 3fb6f75feb973a6c59a627c9375b431618fd5ee8
parent: 5fbc7a286b4d72883392fdbb10ec52bace662f66
author: Venkatarama NG. Avadhani <[email protected]>
date: Wed Oct 24 13:17:58 EDT 2018
Fix DoS in Error Streams This fixes an issue where, in very rare error cases, one row of LPF could be waiting infinitely for its previous row's LPF to complete. With LPF optimization, the second row's LPF could be triggered before the first row's LPF. In this case, the second row's LPF will wait for LPF of n-sync number of SBs of the first row to finish. In error streams, depending on when the error was detected, the LPF job of the first row may then never be triggered. This puts the thread doing the second row's LPF in an infinite wait. The issue is reproduceable once in approximately 500 runs of the clip in bug 1562. BUG=webm:1562 Change-Id: I265d7df5ceeff0410334f5b9a4181f895bb54cab
--- a/vp9/common/vp9_thread_common.c
+++ b/vp9/common/vp9_thread_common.c
@@ -8,6 +8,7 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#include <limits.h>
#include "./vpx_config.h"
#include "vpx_dsp/vpx_dsp_common.h"
#include "vpx_mem/vpx_mem.h"
@@ -402,6 +403,11 @@
pthread_mutex_unlock(&lf_sync->recon_done_mutex[cur_row]);
pthread_mutex_lock(&lf_sync->lf_mutex);
if (lf_sync->corrupted) {
+ int row = return_val >> MI_BLOCK_SIZE_LOG2;
+ pthread_mutex_lock(&lf_sync->mutex[row]);
+ lf_sync->cur_sb_col[row] = INT_MAX;
+ pthread_cond_signal(&lf_sync->cond[row]);
+ pthread_mutex_unlock(&lf_sync->mutex[row]);
return_val = -1;
}
pthread_mutex_unlock(&lf_sync->lf_mutex);