Autodesk: Upgrade aom to v3.10.0 #3297

Open. Wants to merge 1 commit into base: dev

Conversation

erikaharrison-adsk
Contributor

Description of Change(s)

Upgrade aom version to v3.10.0

Fixes Issue(s)

  • N/A
  • I have verified that all unit tests pass with the proposed changes
  • I have submitted a signed Contributor License Agreement

@meshula
Member

meshula commented Sep 18, 2024

Hi! Thank you for taking on an upgrade of the aom library.

I was wondering if you might be able to say a few words about the motivation for upgrading? I can see that this version introduces a new concurrency system, a variety of optimizations for Neon, and a lot of general housekeeping and code style improvements (such as replacing some macros with keywords).

Of course it is nice to be up to date, but I was wondering if you had encountered something that prompted an upgrade? Something like compatibility, performance, a new feature, or bringing the library into alignment with an internal version? Or is this a general maintenance contribution?

Thanks!

@zhangha182
Contributor

> Hi! Thank you for taking on an upgrade of the aom library.
>
> I was wondering if you might be able to say a few words about the motivation for upgrading? I can see that this version introduces a new concurrency system, a variety of optimizations for Neon, and a lot of general housekeeping and code style improvements (such as replacing some macros with keywords).
>
> Of course it is nice to be up to date, but I was wondering if you had encountered something that prompted an upgrade? Something like compatibility, performance, a new feature, or bringing the library into alignment with an internal version? Or is this a general maintenance contribution?
>
> Thanks!

As the scan tool (BlackDuck) shows, libaom - v3.0.0 has a High vulnerability of BDSA-2024-3423 (CVE-2024-5171).

Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:

  • Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

  • Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

  • Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
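
The bug class described in the comment above, as an added example that is not libaom source and not part of this pull request: a 32-bit buffer-size calculation from `d_w`, `d_h` and `align` that wraps silently, next to a checked form that rejects the same inputs. The function names, the `bytes_per_px` parameter, the `IMG_SIZE_CAP` limit and the sample dimensions are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound on one image buffer, chosen for this example. */
#define IMG_SIZE_CAP ((uint64_t)1 << 30)

/* Unchecked 32-bit arithmetic: every step can wrap silently. */
static uint32_t unchecked_size(uint32_t d_w, uint32_t d_h, uint32_t align,
                               uint32_t bytes_per_px) {
    uint32_t w = (d_w + align - 1) & ~(align - 1); /* align width up */
    uint32_t stride = w * bytes_per_px;
    return stride * d_h;
}

/* Checked form: 0 and *out on success, -1 if any step would overflow,
   exceed IMG_SIZE_CAP, or the inputs are malformed. */
static int checked_size(uint32_t d_w, uint32_t d_h, uint32_t align,
                        uint32_t bytes_per_px, uint64_t *out) {
    if (d_w == 0 || d_h == 0 || bytes_per_px == 0) return -1;
    if (align == 0 || (align & (align - 1)) != 0) return -1; /* power of two */
    if (d_w > UINT32_MAX - (align - 1)) return -1;           /* round-up wraps */
    uint64_t w = ((uint64_t)d_w + align - 1) & ~((uint64_t)align - 1);
    uint64_t stride = w * bytes_per_px;   /* both < 2^32, fits in 64 bits */
    if (stride > IMG_SIZE_CAP / d_h) return -1;
    *out = stride * d_h;
    return 0;
}

int main(void) {
    /* Constructed inputs: {d_w, d_h, align, bytes_per_px}. */
    const uint32_t cases[][4] = {
        {1920, 1080, 32, 1},
        {0x10000u, 0x10001u, 16, 1},
        {0xFFFFFFFFu, 16, 32, 1},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const uint32_t *c = cases[i];
        uint64_t sz = 0;
        int rc = checked_size(c[0], c[1], c[2], c[3], &sz);
        printf("%ux%u: unchecked=%u checked=%s\n", c[0], c[1],
               unchecked_size(c[0], c[1], c[2], c[3]), rc ? "rejected" : "ok");
    }
    return 0;
}
```

In the second constructed case the unchecked calculation returns 65536 bytes for a 65536 x 65537 image, which is how a wrapped size turns into an undersized heap buffer.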

@meshula
Member

meshula commented Sep 18, 2024

Oh, that's very good to know. Thank you for taking action on it.

@jesschimein
Contributor

Filed as internal issue #USD-10143

@jesschimein
Contributor

/AzurePipelines run


Pull request contains merge conflicts.

@erikaharrison-adsk
Contributor Author

Branch updated to address merge conflicts.
