From 7d4e27ca908d2ac97e7266debd44feb128974a5a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <michael@niedermayer.cc> Date: Tue, 6 Aug 2019 18:05:02 +0200 Subject: [PATCH] avcodec/hevc_refs: Optimize 16bit generate_missing_ref() Fixes: Timeout (86sec -> 8sec) [these numbers assume also "[FFmpeg-devel] [PATCH 2/5] [RFC] avcodec/hevcdec: Check for overread in hls_decode_entry()"] Fixes: 15702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657764929470464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit da8936969fe695a042282d5686e12227745d299a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/hevc_refs.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/hevc_refs.c b/libavcodec/hevc_refs.c index 7cf3a55725..7870a72fd6 100644 --- a/libavcodec/hevc_refs.c +++ b/libavcodec/hevc_refs.c @@ -394,7 +394,7 @@ static void mark_ref(HEVCFrame *frame, int flag) static HEVCFrame *generate_missing_ref(HEVCContext *s, int poc) { HEVCFrame *frame; - int i, x, y; + int i, y; frame = alloc_frame(s); if (!frame) @@ -407,11 +407,11 @@ static HEVCFrame *generate_missing_ref(HEVCContext *s, int poc) frame->frame->buf[i]->size); } else { for (i = 0; frame->frame->data[i]; i++) - for (y = 0; y < (s->ps.sps->height >> s->ps.sps->vshift[i]); y++) - for (x = 0; x < (s->ps.sps->width >> s->ps.sps->hshift[i]); x++) { - AV_WN16(frame->frame->data[i] + y * frame->frame->linesize[i] + 2 * x, - 1 << (s->ps.sps->bit_depth - 1)); - } + for (y = 0; y < (s->ps.sps->height >> s->ps.sps->vshift[i]); y++) { + uint8_t *dst = frame->frame->data[i] + y * frame->frame->linesize[i]; + AV_WN16(dst, 1 << (s->ps.sps->bit_depth - 1)); + av_memcpy_backptr(dst + 2, 2, 2*(s->ps.sps->width >> s->ps.sps->hshift[i]) - 2); + } } }