Added few memsets to avoid uninitialized reads for error clips
Also aligned few allocations to 4 byte boundary
Bug: 25070493
Bug: 24686670
Change-Id: I430b18fce2fe2940f4fb0ff95e5eadc7fdd705d4
diff --git a/decoder/ihevcd_api.c b/decoder/ihevcd_api.c
index 39c1fb6..5032cf0 100644
--- a/decoder/ihevcd_api.c
+++ b/decoder/ihevcd_api.c
@@ -2603,6 +2603,7 @@
ps_codec->s_parse.ps_pps_base = ps_codec->ps_pps_base;
ps_mem_rec = &ps_mem_rec_base[MEM_REC_SLICE_HDR];
+ memset(ps_mem_rec->pv_base, 0, ps_mem_rec->u4_mem_size);
ps_codec->ps_slice_hdr_base = (slice_header_t *)ps_mem_rec->pv_base;
ps_codec->s_parse.ps_slice_hdr_base = ps_codec->ps_slice_hdr_base;
@@ -2714,6 +2715,7 @@
ps_mem_rec = &ps_mem_rec_base[MEM_REC_PROC_SCRATCH];
+ memset(ps_mem_rec->pv_base, 0, ps_mem_rec->u4_mem_size);
{
UWORD8 *pu1_buf = (UWORD8 *)ps_mem_rec->pv_base;
WORD32 pic_pu_idx_map_size;
diff --git a/decoder/ihevcd_utils.c b/decoder/ihevcd_utils.c
index aec64e2..6a58cb9 100644
--- a/decoder/ihevcd_utils.c
+++ b/decoder/ihevcd_utils.c
@@ -690,8 +690,8 @@
mv_bank_size_allocated = ps_codec->i4_total_mv_bank_size - BUF_MGR_MAX_CNT * sizeof(mv_buf_t);
/* Compute MV bank size per picture */
- pic_mv_bank_size = ihevcd_get_pic_mv_bank_size(ps_sps->i2_pic_width_in_luma_samples *
- ps_sps->i2_pic_height_in_luma_samples);
+ pic_mv_bank_size = ihevcd_get_pic_mv_bank_size(ALIGN64(ps_sps->i2_pic_width_in_luma_samples) *
+ ALIGN64(ps_sps->i2_pic_height_in_luma_samples));
for(i = 0; i < max_dpb_size; i++)
{
@@ -725,6 +725,7 @@
pu1_buf += ALIGN4(num_ctb * sizeof(UWORD16));
ps_mv_buf->ps_pic_pu = (pu_t *)pu1_buf;
+ pu1_buf += num_pu * sizeof(pu_t);
buf_ret = ihevc_buf_mgr_add((buf_mgr_t *)ps_codec->pv_mv_buf_mgr, ps_mv_buf, i);
@@ -733,7 +734,7 @@
ps_codec->s_parse.i4_error_code = IHEVCD_BUF_MGR_ERROR;
return IHEVCD_BUF_MGR_ERROR;
}
- pu1_buf += pic_mv_bank_size;
+
ps_mv_buf++;
}
@@ -885,6 +886,35 @@
ps_pic_buf_ref = ihevc_dpb_mgr_get_ref_by_nearest_poc(ps_dpb_mgr, ps_slice_hdr->i4_abs_pic_order_cnt);
if(NULL == ps_pic_buf_ref)
{
+ WORD32 size;
+
+ WORD32 num_pu;
+ WORD32 num_ctb;
+ WORD32 pic_size;
+ /* In case current mv buffer itself is being used as reference mv buffer for colocated
+ * calculations, then memset all the buffers to zero.
+ */
+ pic_size = ALIGN64(ps_sps->i2_pic_width_in_luma_samples) *
+ ALIGN64(ps_sps->i2_pic_height_in_luma_samples);
+
+ num_pu = pic_size / (MIN_PU_SIZE * MIN_PU_SIZE);
+ num_ctb = pic_size / (MIN_CTB_SIZE * MIN_CTB_SIZE);
+
+ memset(ps_mv_buf->l0_collocated_poc, 0, sizeof(ps_mv_buf->l0_collocated_poc));
+ memset(ps_mv_buf->u1_l0_collocated_poc_lt, 0, sizeof(ps_mv_buf->u1_l0_collocated_poc_lt));
+ memset(ps_mv_buf->l1_collocated_poc, 0, sizeof(ps_mv_buf->l1_collocated_poc));
+ memset(ps_mv_buf->u1_l1_collocated_poc_lt, 0, sizeof(ps_mv_buf->u1_l1_collocated_poc_lt));
+
+ size = (num_ctb + 1) * sizeof(WORD32);
+ memset(ps_mv_buf->pu4_pic_pu_idx, 0, size);
+
+ size = num_pu;
+ memset(ps_mv_buf->pu1_pic_pu_map, 0, size);
+ size = ALIGN4(num_ctb * sizeof(UWORD16));
+ memset(ps_mv_buf->pu1_pic_slice_map, 0, size);
+ size = num_pu * sizeof(pu_t);
+ memset(ps_mv_buf->ps_pic_pu, 0, size);
+
ps_pic_buf_ref = ps_cur_pic;
ps_mv_buf_ref = ps_mv_buf;
}
@@ -948,8 +978,8 @@
WORD32 pic_size;
WORD32 num_ctb;
- pic_size = ps_sps->i2_pic_width_in_luma_samples *
- ps_sps->i2_pic_height_in_luma_samples;
+ pic_size = ALIGN64(ps_sps->i2_pic_width_in_luma_samples) *
+ ALIGN64(ps_sps->i2_pic_height_in_luma_samples);
ctb_luma_min_tu_cnt = pic_size / (MIN_TU_SIZE * MIN_TU_SIZE);
