[FFmpeg-devel,v3] libavcodec/cbs_av1: Add size check before parse obu

cbs_av1_write_unit() check pbc size after parsing obu frame, and return
AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
frame will be parsed again, but this may cause error because
CodedBitstreamAV1Context has already been updated, for example
ref_order_hint is updated and will not match the same obu frame. Now size
check is added before parsing obu frame to avoid this error.

Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
---
 libavcodec/cbs_av1.c | 3 +++
 1 file changed, 3 insertions(+)

> cbs_av1_write_unit() check pbc size after parsing obu frame, and return
> AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
> frame will be parsed again, but this may cause error because
> CodedBitstreamAV1Context has already been updated, for example
> ref_order_hint is updated and will not match the same obu frame. Now size
> check is added before parsing obu frame to avoid this error.
> 
> Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
> ---
>  libavcodec/cbs_av1.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> index 154d9156cf..9c51a8c7c8 100644
> --- a/libavcodec/cbs_av1.c
> +++ b/libavcodec/cbs_av1.c
> @@ -1075,6 +1075,9 @@ static int
> cbs_av1_write_obu(CodedBitstreamContext *ctx,
>          put_bits32(pbc, 0);
>      }
> 
> +    if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc))
> +        return AVERROR(ENOSPC);
> +
>      td = NULL;
>      start_pos = put_bits_count(pbc);
> 
> --
> 2.32.0

Ping

> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

> > cbs_av1_write_unit() check pbc size after parsing obu frame, and return
> > AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
> > frame will be parsed again, but this may cause error because
> > CodedBitstreamAV1Context has already been updated, for example
> > ref_order_hint is updated and will not match the same obu frame. Now
> size
> > check is added before parsing obu frame to avoid this error.
> >
> > Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
> > ---
> >  libavcodec/cbs_av1.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> > index 154d9156cf..9c51a8c7c8 100644
> > --- a/libavcodec/cbs_av1.c
> > +++ b/libavcodec/cbs_av1.c
> > @@ -1075,6 +1075,9 @@ static int
> > cbs_av1_write_obu(CodedBitstreamContext *ctx,
> >          put_bits32(pbc, 0);
> >      }
> >
> > +    if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc))
> > +        return AVERROR(ENOSPC);
> > +
> >      td = NULL;
> >      start_pos = put_bits_count(pbc);
> >
> > --
> > 2.32.0
> 
> Ping

Ping 

> 
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

> cbs_av1_write_unit() check pbc size after parsing obu frame, and return

It is cbs_av1_write_obu(), not cbs_av1_write_unit(), right ? 

Thanks
Haihao


> AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
> frame will be parsed again, but this may cause error because
> CodedBitstreamAV1Context has already been updated, for example
> ref_order_hint is updated and will not match the same obu frame. Now size
> check is added before parsing obu frame to avoid this error.
> 
> Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
> ---
>  libavcodec/cbs_av1.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> index 154d9156cf..9c51a8c7c8 100644
> --- a/libavcodec/cbs_av1.c
> +++ b/libavcodec/cbs_av1.c
> @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx,
>          put_bits32(pbc, 0);
>      }
>  
> +    if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc))
> +        return AVERROR(ENOSPC);
> +
>      td = NULL;
>      start_pos = put_bits_count(pbc);
>

> > cbs_av1_write_unit() check pbc size after parsing obu frame, and return
> 
> It is cbs_av1_write_obu(), not cbs_av1_write_unit(), right ?
> 
> Thanks
> Haihao
> 

Sorry, it is typo. cbs_av1_write_obu is assigned to write_unit function pointer.
I will fix it and resubmit patch.

Thanks
Wenbin

> 
> > AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
> > frame will be parsed again, but this may cause error because
> > CodedBitstreamAV1Context has already been updated, for example
> > ref_order_hint is updated and will not match the same obu frame. Now
> size
> > check is added before parsing obu frame to avoid this error.
> >
> > Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
> > ---
> >  libavcodec/cbs_av1.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> > index 154d9156cf..9c51a8c7c8 100644
> > --- a/libavcodec/cbs_av1.c
> > +++ b/libavcodec/cbs_av1.c
> > @@ -1075,6 +1075,9 @@ static int
> cbs_av1_write_obu(CodedBitstreamContext *ctx,
> >          put_bits32(pbc, 0);
> >      }
> >
> > +    if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc))
> > +        return AVERROR(ENOSPC);
> > +
> >      td = NULL;
> >      start_pos = put_bits_count(pbc);
> >
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".