
[FFmpeg-devel,1/2] lavc/hevc: store VPS/SPS/PPS data

Message ID 20160907145354.2322-2-matthieu.bouron@gmail.com
State Superseded

Commit Message

Matthieu Bouron Sept. 7, 2016, 2:53 p.m. UTC
From: Matthieu Bouron <matthieu.bouron@stupeflix.com>

---
 libavcodec/hevc.h    |  9 +++++++++
 libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

Comments

Michael Niedermayer Sept. 8, 2016, 12:28 p.m. UTC | #1
On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote:
> From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
> 
> ---
>  libavcodec/hevc.h    |  9 +++++++++
>  libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
>  2 files changed, 36 insertions(+)
> 
> diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
> index be91010..6a3c750 100644
> --- a/libavcodec/hevc.h
> +++ b/libavcodec/hevc.h
> @@ -387,6 +387,9 @@ typedef struct HEVCVPS {
>      uint8_t vps_poc_proportional_to_timing_flag;
>      int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + 1
>      int vps_num_hrd_parameters;
> +
> +    uint8_t data[4096];
> +    int data_size;
>  } HEVCVPS;
>  
>  typedef struct ScalingList {
> @@ -483,6 +486,9 @@ typedef struct HEVCSPS {
>      int vshift[3];
>  
>      int qp_bd_offset;
> +
> +    uint8_t data[4096];
> +    int data_size;
>  } HEVCSPS;
>  
>  typedef struct HEVCPPS {
> @@ -557,6 +563,9 @@ typedef struct HEVCPPS {
>      int *tile_pos_rs;       ///< TilePosRS
>      int *min_tb_addr_zs;    ///< MinTbAddrZS
>      int *min_tb_addr_zs_tab;///< MinTbAddrZS
> +
> +    uint8_t data[4096];
> +    int data_size;
>  } HEVCPPS;
>  
>  typedef struct HEVCParamSets {
> diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> index 83f2ec2..629e454 100644
> --- a/libavcodec/hevc_ps.c
> +++ b/libavcodec/hevc_ps.c
> @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
>  
>      av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
>  
> +    vps->data_size = gb->buffer_end - gb->buffer;

This theoretically could overflow: data_size is only an int, and the pointer
difference might be larger.

[...]

Patch

diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index be91010..6a3c750 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -387,6 +387,9 @@  typedef struct HEVCVPS {
     uint8_t vps_poc_proportional_to_timing_flag;
     int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + 1
     int vps_num_hrd_parameters;
+
+    uint8_t data[4096];
+    int data_size;
 } HEVCVPS;
 
 typedef struct ScalingList {
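Review bot: The new `data` and `data_size` members carry no comment, unlike the `///<` annotated fields just above them, so hevc.h does not say what the bytes are or that the copy can be cut short. Something like `uint8_t data[4096]; ///< bytes copied from the GetBitContext buffer, truncated to sizeof(data)` and `int data_size; ///< number of valid bytes in data` would make the contract visible. The literal 4096 is repeated in the HEVCSPS and HEVCPPS hunks; a single named constant would keep the three limits from drifting apart.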
@@ -483,6 +486,9 @@  typedef struct HEVCSPS {
     int vshift[3];
 
     int qp_bd_offset;
+
+    uint8_t data[4096];
+    int data_size;
 } HEVCSPS;
 
 typedef struct HEVCPPS {
@@ -557,6 +563,9 @@  typedef struct HEVCPPS {
     int *tile_pos_rs;       ///< TilePosRS
     int *min_tb_addr_zs;    ///< MinTbAddrZS
     int *min_tb_addr_zs_tab;///< MinTbAddrZS
+
+    uint8_t data[4096];
+    int data_size;
 } HEVCPPS;
 
 typedef struct HEVCParamSets {
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 83f2ec2..629e454 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -408,6 +408,15 @@  int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
 
     av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
 
+    vps->data_size = gb->buffer_end - gb->buffer;
+    if (vps->data_size > sizeof(vps->data)) {
+        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized VPS "
+               "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+               vps->data_size, sizeof(vps->data));
+        vps->data_size = sizeof(vps->data);
+    }
+    memcpy(vps->data, gb->buffer, vps->data_size);
+
     vps_id = get_bits(gb, 4);
     if (vps_id >= MAX_VPS_COUNT) {
         av_log(avctx, AV_LOG_ERROR, "VPS id out of range: %d\n", vps_id);
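Review bot: The first `%"SIZE_SPECIFIER"` in the added av_log() call receives `vps->data_size`, which the hevc.h hunk declares as `int`, so the variadic argument does not match a size_t conversion and the behaviour is undefined where the two types differ in width. Print that argument with `"(%d > %"SIZE_SPECIFIER")\n"`, or keep the length in a size_t variable until after the clamp and log that. The SPS and PPS hunks contain the same call. ff_hevc_decode_nal_vps starts and ends outside this hunk.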
@@ -1184,6 +1193,15 @@  int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx,
 
     av_log(avctx, AV_LOG_DEBUG, "Decoding SPS\n");
 
+    sps->data_size = gb->buffer_end - gb->buffer;
+    if (sps->data_size > sizeof(sps->data)) {
+        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized SPS "
+               "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+               sps->data_size, sizeof(sps->data));
+        sps->data_size = sizeof(sps->data);
+    }
+    memcpy(sps->data, gb->buffer, sps->data_size);
+
     ret = ff_hevc_parse_sps(sps, gb, &sps_id,
                             apply_defdispwin,
                             ps->vps_list, avctx);
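Review bot: After the clamp, `sps->data_size == sizeof(sps->data)` holds both for a parameter set of exactly 4096 bytes and for one that was cut short, so a later reader of `sps->data` cannot tell a complete SPS from a truncated one. These bytes come straight from the bitstream, and a consumer that forwards or re-parses the stored copy (presumably the purpose of this patch) would be handling a malformed parameter set without knowing it. Consider not exposing a partial copy at all, for example `sps->data_size = 0;` in the oversized branch, or rejecting the NAL with an error. The VPS and PPS hunks behave the same way. ff_hevc_decode_nal_sps continues outside the hunk.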
@@ -1423,6 +1441,15 @@  int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx,
 
     av_log(avctx, AV_LOG_DEBUG, "Decoding PPS\n");
 
+    pps->data_size = gb->buffer_end - gb->buffer;
+    if (pps->data_size > sizeof(pps->data)) {
+        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized PPS "
+               "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+               pps->data_size, sizeof(pps->data));
+        pps->data_size = sizeof(pps->data);
+    }
+    memcpy(pps->data, gb->buffer, pps->data_size);
+
     // Default values
     pps->loop_filter_across_tiles_enabled_flag = 1;
     pps->num_tile_columns                      = 1;
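Review bot: This nine-line block is the third copy of the same clamp-and-copy sequence (see the VPS and SPS hunks), differing only in the struct pointer and the name in the message. Length handling for bitstream-supplied data is better kept in one static helper, so that a later fix to the bound or the logging cannot land in two copies and miss the third. A possible shape is below; the helper name is only a suggestion. ff_hevc_decode_nal_pps continues outside the hunk.

```c
static void store_ps_data(AVCodecContext *avctx, const char *name,
                          uint8_t *dst, size_t dst_size, int *stored,
                          const GetBitContext *gb)
{
    size_t len = gb->buffer_end - gb->buffer;

    if (len > dst_size) {
        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized %s "
               "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
               name, len, dst_size);
        len = dst_size;
    }
    memcpy(dst, gb->buffer, len);
    *stored = (int)len; /* bounded by dst_size, so the narrowing is safe */
}

    // … unchanged: "Decoding PPS" debug log …
    store_ps_data(avctx, "PPS", pps->data, sizeof(pps->data),
                  &pps->data_size, gb);
    // … unchanged: default value assignments …
```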