From patchwork Fri Nov 9 05:31:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 10961
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 9 Nov 2018 06:31:34 +0100
Message-Id: <20181109053138.4572-3-andreas.rheinhardt@googlemail.com>
X-Mailer: git-send-email 2.19.0
In-Reply-To: <20181109053138.4572-1-andreas.rheinhardt@googlemail.com>
References: <20181109053138.4572-1-andreas.rheinhardt@googlemail.com>
Subject: [FFmpeg-devel] [PATCH 2/6] cbs_h2645: Do a deep copy for parameter sets
List-Id: FFmpeg development discussions and patches
Reply-To: FFmpeg development discussions and patches

This commit solves dangling pointers problems when the content of a
parameter set isn't refcounted in the beginning: Now a deep copy of the
parameter sets is performed.

Signed-off-by: Andreas Rheinhardt
---
 libavcodec/cbs_h2645.c | 59 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 50 insertions(+), 9 deletions(-)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index 37b0207420..e73706f2e6 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c @@ -674,7 +674,26 @@ static int cbs_h2645_split_fragment(CodedBitstreamContext *ctx, return 0; } -#define cbs_h2645_replace_ps(h26n, ps_name, ps_var, id_element) \ + +#define cbs_h2645_replace_ps(h26n, ps_name, ps_var, id_element, buffer) \ +static AVBufferRef* cbs_h26 ## h26n ## _copy_ ## ps_var(const H26 ## h26n ## Raw ## ps_name *source)\ +{ \ + H26 ## h26n ## Raw ## ps_name *copy; \ + AVBufferRef *copy_ref; \ + copy = av_malloc(sizeof(*source)); \ + if (!copy) \ + return NULL; \ + memcpy(copy, source, sizeof(*source)); \ + copy_ref = av_buffer_create((uint8_t*)copy, sizeof(*source), \ + FREE(h26n, ps_var), NULL, 0); \ + if (!copy_ref) { \ + av_free(copy); \ + return NULL; \ + } \ + cbs_h2645_copy_substructure(h26n, ps_name, ps_var, buffer) \ + return copy_ref; \ +} \ + \ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \ CodedBitstreamUnit *unit) \ { \ 
@@ -692,21 +711,43 @@ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \ if (unit->content_ref) \ priv->ps_var ## _ref[id] = av_buffer_ref(unit->content_ref); \ else \ - priv->ps_var ## _ref[id] = av_buffer_alloc(sizeof(*ps_var)); \ + priv->ps_var ## _ref[id] = cbs_h26 ## h26n ## _copy_ ## ps_var(ps_var); \ if (!priv->ps_var ## _ref[id]) \ return AVERROR(ENOMEM); \ priv->ps_var[id] = (H26 ## h26n ## Raw ## ps_name *)priv->ps_var ## _ref[id]->data; \ - if (!unit->content_ref) \ - memcpy(priv->ps_var[id], ps_var, sizeof(*ps_var)); \ return 0; \ } -cbs_h2645_replace_ps(4, SPS, sps, seq_parameter_set_id) -cbs_h2645_replace_ps(4, PPS, pps, pic_parameter_set_id) -cbs_h2645_replace_ps(5, VPS, vps, vps_video_parameter_set_id) -cbs_h2645_replace_ps(5, SPS, sps, sps_seq_parameter_set_id) -cbs_h2645_replace_ps(5, PPS, pps, pps_pic_parameter_set_id) +#define FREE(h26n, ps_var) NULL +#define cbs_h2645_copy_substructure(h26n, ps_name, ps_var, buffer) +cbs_h2645_replace_ps(4, SPS, sps, seq_parameter_set_id, ) +#undef cbs_h2645_copy_substructure +#undef FREE + +#define FREE(h26n, ps_var) &cbs_h26 ## h26n ## _free_ ## ps_var +#define cbs_h2645_copy_substructure(h26n, ps_name, ps_var, buffer) \ + if (source->buffer) { \ + copy->buffer ## _ref = av_buffer_allocz(SIZE + AV_INPUT_BUFFER_PADDING_SIZE); \ + if (!copy->buffer) { \ + av_buffer_unref(©_ref); \ + return NULL; \ + } \ + copy->buffer = copy->buffer ## _ref->data; \ + memcpy(copy->buffer, source->buffer, SIZE); \ + } + +#define SIZE (copy->pic_size_in_map_units_minus1 + 1) +cbs_h2645_replace_ps(4, PPS, pps, pic_parameter_set_id, slice_group_id) +#undef SIZE + +#define SIZE ((copy->extension_data.bit_length + 7) / 8) +cbs_h2645_replace_ps(5, VPS, vps, vps_video_parameter_set_id, extension_data.data) +cbs_h2645_replace_ps(5, SPS, sps, sps_seq_parameter_set_id, extension_data.data) +cbs_h2645_replace_ps(5, PPS, pps, pps_pic_parameter_set_id, extension_data.data) +#undef SIZE +#undef FREE + static int 
cbs_h264_read_nal_unit(CodedBitstreamContext *ctx, CodedBitstreamUnit *unit)
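
Review bot: In the first hunk (@@ -674,7 +674,26 @@), the memcpy(copy, source, sizeof(*source)) in the generated _copy_ function duplicates every pointer field of the source, so until cbs_h2645_copy_substructure runs, and for good whenever its if (source->buffer) branch is skipped, the copy carries the source's buffer and buffer ## _ref values without owning them. Since the same struct is handed to the free callback selected by FREE, I would clear both fields right after the memcpy and let the substructure step fill them in, so the callback can never see a reference that belongs to the source. Separately, the macro body silently depends on FREE, SIZE and cbs_h2645_copy_substructure being defined at each instantiation and hides a return NULL inside the substructure step; a comment above cbs_h2645_replace_ps stating that contract (or passing these in as macro arguments) would make it much easier to follow, and less generic names than FREE and SIZE would avoid collisions.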
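
Review bot: In the second hunk (@@ -692,21 +711,43 @@), the allocation check in cbs_h2645_copy_substructure tests the wrong field: after copy->buffer ## _ref = av_buffer_allocz(...), the code checks if (!copy->buffer), but copy->buffer was just memcpy'd from source->buffer, which is known to be non-NULL inside the if (source->buffer) branch. An allocation failure is therefore never detected, and the next line, copy->buffer = copy->buffer ## _ref->data, dereferences a NULL AVBufferRef. The check should be if (!copy->buffer ## _ref). It would also be worth setting copy->buffer to NULL on that error path before av_buffer_unref on copy_ref, so that the free callback does not run on a struct whose buffer pointer still aliases the source's data.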