From patchwork Mon Jul 8 21:57:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yan Cen X-Patchwork-Id: 13861 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 6A52A449C05 for ; Tue, 9 Jul 2019 01:22:57 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2F51168AE2E; Tue, 9 Jul 2019 01:22:57 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f194.google.com (mail-pf1-f194.google.com [209.85.210.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1DBB968AE2D for ; Tue, 9 Jul 2019 01:22:50 +0300 (EEST) Received: by mail-pf1-f194.google.com with SMTP id g2so3479492pfq.0 for ; Mon, 08 Jul 2019 15:22:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=1CqCpSxH6vAUjcwT8IM/wYk3S5TUXYkiZnkbgkaC8fU=; b=IhOZDY7pXOY9GWZkwvTWNF4h0qzV1b+UUlAs+hxd0lrxDn7lS887z77VWNXaiSdECp +J+wZ+Oj3kmnYBNUTDT4ArxG1yUqyU0v3T7sKbyBDwNaF/uTUBEjvPAQ1HMfj8dJSHFH ittu0BVvQf7OoNf2XtM28z94WJ6gdi7Bl9XOw5X8cNP/MnoxgLJlyPfb7AbRP8Tvzb07 hSxKJAisia8MaetiXpGhODiZD8HB4iZICmvEBUXaKQciFLHt096VilWEXsVOmP6gZORP Z6cXTca3iJEREj7XsxVH+p+RnDTLCuhQOwpcrin+9xQowS3Ox5NhIfO+P/SYlF5WEiCh Oe8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=1CqCpSxH6vAUjcwT8IM/wYk3S5TUXYkiZnkbgkaC8fU=; b=ByXCmI3hZVZzDyGqVnVGPdbQKvLVf8arWQ7IcCX0pTyyyggSUbUO0hENZen+Vgo8YT vDO67uApal2esj32qOutHHAHy/Q2snZMbCCwsEr6vRUviM3089F9ESE9DtzQu2lyLUP4 lBOTQembd+41VVCq4dLkBIX19Gfm23d4HhNuYwA5ZJ3WroBwXnE22A3N9YHVhfPyXgeM l7vknATxz7IRpXGTs+pg+GdGVFhVtrKm6Py3FUaBEvt7bSB1NJIzgHj0viQkQEuj4PJt NgIG+sllsp45AixFRLrTjG4gnvyLV+1K7PGyTkDWNPCwhzsDNKFTwlWpOgQUzm/3GOo3 Um5A== X-Gm-Message-State: APjAAAV8TIwDcwuMTOltIIcKXGqEonmRRhzXdJadZ+x8P7a5WwkRibg9 udDJrM8s5u88QJcNRby/sT7asIa/T4E= X-Google-Smtp-Source: APXvYqwSPw2Ypv+Na+Y7dxVzUDmIEE+nd/nx5DQjlAhr9bdl1haKiPl/qXkVtmny/rybUxD052dUpw== X-Received: by 2002:a17:90a:2562:: with SMTP id j89mr28589887pje.123.1562624227742; Mon, 08 Jul 2019 15:17:07 -0700 (PDT) Received: from localhost.localdomain ([198.148.118.159]) by smtp.gmail.com with ESMTPSA id bg3sm489480pjb.9.2019.07.08.15.17.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jul 2019 15:17:07 -0700 (PDT) From: Yan Cen To: ffmpeg-devel@ffmpeg.org Date: Mon, 8 Jul 2019 22:57:31 +0100 Message-Id: <1562623051-7944-1-git-send-email-mryancen@gmail.com> X-Mailer: git-send-email 2.7.4 Subject: [FFmpeg-devel] [PATCH v3] libavcodec/vp9: fix ref-frame size judging method X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: yancen MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: yancen There is no need all reference frame demension is valid in libvpx. So this change contains three part: 1. Change each judgement's loglevel from "ERROR" to "WARNING" 2. Make sure at least one of frames that this frame references has valid dimension. 3. All judgements fail would report "ERROR". Signed-off-by: Xiang Haihao Signed-off-by: Li Zhong Signed-off-by: Yan Cen --- libavcodec/vp9.c | 51 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c index acf3ffc..58e7312 100644 --- a/libavcodec/vp9.c +++ b/libavcodec/vp9.c @@ -555,11 +555,37 @@ static int decode_frame_header(AVCodecContext *avctx, s->s.h.signbias[1] = get_bits1(&s->gb) && !s->s.h.errorres; s->s.h.refidx[2] = get_bits(&s->gb, 3); s->s.h.signbias[2] = get_bits1(&s->gb) && !s->s.h.errorres; - if (!s->s.refs[s->s.h.refidx[0]].f->buf[0] || - !s->s.refs[s->s.h.refidx[1]].f->buf[0] || - !s->s.refs[s->s.h.refidx[2]].f->buf[0]) { - av_log(avctx, AV_LOG_ERROR, "Not all references are available\n"); - return AVERROR_INVALIDDATA; + if (0 == sizeof(s->s.refs[s->s.h.refidx[0]])) { + if (0 == sizeof(s->s.refs[s->s.h.refidx[1]].f->buf[0])) { + if (0 == s->s.refs[s->s.h.refidx[2]].f->buf[0]) { + av_log(avctx, AV_LOG_ERROR, "All references are unavailable\n"); + return AVERROR_INVALIDDATA; + } else { + av_frame_copy(s->s.refs[s->s.h.refidx[1]].f,s->s.refs[s->s.h.refidx[2]].f); + av_frame_copy(s->s.refs[s->s.h.refidx[0]].f,s->s.refs[s->s.h.refidx[2]].f); + } + } else { + if (0 == sizeof(s->s.refs[s->s.h.refidx[2]].f->buf[0])) { + av_frame_copy(s->s.refs[s->s.h.refidx[0]].f,s->s.refs[s->s.h.refidx[1]].f); + av_frame_copy(s->s.refs[s->s.h.refidx[2]].f,s->s.refs[s->s.h.refidx[1]].f); + } else { + av_frame_copy(s->s.refs[s->s.h.refidx[0]].f,s->s.refs[s->s.h.refidx[1]].f); + } + } + } else { + if (0 == sizeof(s->s.refs[s->s.h.refidx[1]].f->buf[0])) { + if (0 == sizeof(s->s.refs[s->s.h.refidx[2]].f->buf[0])) { + s->s.refs[s->s.h.refidx[1]].f = s->s.refs[s->s.h.refidx[2]].f = s->s.refs[s->s.h.refidx[0]].f; + av_frame_copy(s->s.refs[s->s.h.refidx[1]].f,s->s.refs[s->s.h.refidx[0]].f); + av_frame_copy(s->s.refs[s->s.h.refidx[2]].f,s->s.refs[s->s.h.refidx[0]].f); + } else { + av_frame_copy(s->s.refs[s->s.h.refidx[1]].f,s->s.refs[s->s.h.refidx[0]].f); + } + } else { + if (0 == sizeof(s->s.refs[s->s.h.refidx[2]].f->buf[0])) { + av_frame_copy(s->s.refs[s->s.h.refidx[2]].f,s->s.refs[s->s.h.refidx[1]].f); + } + } } if (get_bits1(&s->gb)) { w = s->s.refs[s->s.h.refidx[0]].f->width; @@ -790,6 +816,7 @@ static int decode_frame_header(AVCodecContext *avctx, /* check reference frames */ if (!s->s.h.keyframe && !s->s.h.intraonly) { + int has_valid_ref_frame = 0; for (i = 0; i < 3; i++) { AVFrame *ref = s->s.refs[s->s.h.refidx[i]].f; int refw = ref->width, refh = ref->height; @@ -802,12 +829,15 @@ static int decode_frame_header(AVCodecContext *avctx, return AVERROR_INVALIDDATA; } else if (refw == w && refh == h) { s->mvscale[i][0] = s->mvscale[i][1] = 0; + has_valid_ref_frame = 1; } else { - if (w * 2 < refw || h * 2 < refh || w > 16 * refw || h > 16 * refh) { - av_log(avctx, AV_LOG_ERROR, + int is_ref_frame_invalid = (w * 2 < refw || h * 2 < refh || w > 16 * refw || h > 16 * refh); + if (is_ref_frame_invalid) { + av_log(avctx, AV_LOG_WARNING, "Invalid ref frame dimensions %dx%d for frame size %dx%d\n", refw, refh, w, h); - return AVERROR_INVALIDDATA; + } else { + has_valid_ref_frame = 1; } s->mvscale[i][0] = (refw << 14) / w; s->mvscale[i][1] = (refh << 14) / h; @@ -815,6 +845,11 @@ static int decode_frame_header(AVCodecContext *avctx, s->mvstep[i][1] = 16 * s->mvscale[i][1] >> 14; } } + if (!has_valid_ref_frame) { + av_log(avctx, AV_LOG_ERROR, + "Referenced frame has invalid size\n"); + return AVERROR_INVALIDDATA; + } } if (s->s.h.keyframe || s->s.h.errorres || (s->s.h.intraonly && s->s.h.resetctx == 3)) {