[FFmpeg-devel,1/2] lavc/hevc: store VPS/SPS/PPS data

Message ID	CAOmVQXHOKWaxhbumfxx2Eu39-6_YEPApqbgc3snpxWRRgWenwg@mail.gmail.com
State	Accepted
Headers	show Delivered-To: ffmpegpatchwork@gmail.com Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; MIME-Version: 1.0 In-Reply-To: <20160908122841.GO4692@nb4> References: <20160907145354.2322-1-matthieu.bouron@gmail.com> <20160907145354.2322-2-matthieu.bouron@gmail.com> <20160908122841.GO4692@nb4> From: Matthieu Bouron <matthieu.bouron@gmail.com> Date: Thu, 8 Sep 2016 16:18:26 +0200 Message-ID: <CAOmVQXHOKWaxhbumfxx2Eu39-6_YEPApqbgc3snpxWRRgWenwg@mail.gmail.com> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Content-Type: multipart/mixed; boundary=001a113d421c0e7ca2053bffb47a Subject: Re: [FFmpeg-devel] [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Message ID

CAOmVQXHOKWaxhbumfxx2Eu39-6_YEPApqbgc3snpxWRRgWenwg@mail.gmail.com

State

Accepted

Headers

Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100; 
MIME-Version: 1.0
In-Reply-To: <20160908122841.GO4692@nb4>
References: <20160907145354.2322-1-matthieu.bouron@gmail.com>
	<20160907145354.2322-2-matthieu.bouron@gmail.com>
	<20160908122841.GO4692@nb4>
From: Matthieu Bouron <matthieu.bouron@gmail.com>
Date: Thu, 8 Sep 2016 16:18:26 +0200
Message-ID: <CAOmVQXHOKWaxhbumfxx2Eu39-6_YEPApqbgc3snpxWRRgWenwg@mail.gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary=001a113d421c0e7ca2053bffb47a
Subject: Re: [FFmpeg-devel] [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data
Precedence: list
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Commit Message

Matthieu Bouron Sept. 8, 2016, 2:18 p.m. UTC

On Thu, Sep 8, 2016 at 2:28 PM, Michael Niedermayer <michael@niedermayer.cc>
wrote:

> On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote:
> > From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
> >
> > ---
> >  libavcodec/hevc.h    |  9 +++++++++
> >  libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
> >  2 files changed, 36 insertions(+)
> >
> > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
> > index be91010..6a3c750 100644
> > --- a/libavcodec/hevc.h
> > +++ b/libavcodec/hevc.h
> > @@ -387,6 +387,9 @@ typedef struct HEVCVPS {
> >      uint8_t vps_poc_proportional_to_timing_flag;
> >      int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1
> + 1
> >      int vps_num_hrd_parameters;
> > +
> > +    uint8_t data[4096];
> > +    int data_size;
> >  } HEVCVPS;
> >
> >  typedef struct ScalingList {
> > @@ -483,6 +486,9 @@ typedef struct HEVCSPS {
> >      int vshift[3];
> >
> >      int qp_bd_offset;
> > +
> > +    uint8_t data[4096];
> > +    int data_size;
> >  } HEVCSPS;
> >
> >  typedef struct HEVCPPS {
> > @@ -557,6 +563,9 @@ typedef struct HEVCPPS {
> >      int *tile_pos_rs;       ///< TilePosRS
> >      int *min_tb_addr_zs;    ///< MinTbAddrZS
> >      int *min_tb_addr_zs_tab;///< MinTbAddrZS
> > +
> > +    uint8_t data[4096];
> > +    int data_size;
> >  } HEVCPPS;
> >
> >  typedef struct HEVCParamSets {
> > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> > index 83f2ec2..629e454 100644
> > --- a/libavcodec/hevc_ps.c
> > +++ b/libavcodec/hevc_ps.c
> > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb,
> AVCodecContext *avctx,
> >
> >      av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
> >
> > +    vps->data_size = gb->buffer_end - gb->buffer;
>
> This theoretically could overflow, data_size is only an int the pointer
> difference might be larger
>

Updated patch attached.

[...]

Comments

Michael Niedermayer Sept. 9, 2016, 12:36 a.m. UTC | #1

On Thu, Sep 08, 2016 at 04:18:26PM +0200, Matthieu Bouron wrote:
> On Thu, Sep 8, 2016 at 2:28 PM, Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote:
> > > From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
> > >
> > > ---
> > >  libavcodec/hevc.h    |  9 +++++++++
> > >  libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
> > >  2 files changed, 36 insertions(+)
> > >
> > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
> > > index be91010..6a3c750 100644
> > > --- a/libavcodec/hevc.h
> > > +++ b/libavcodec/hevc.h
> > > @@ -387,6 +387,9 @@ typedef struct HEVCVPS {
> > >      uint8_t vps_poc_proportional_to_timing_flag;
> > >      int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1
> > + 1
> > >      int vps_num_hrd_parameters;
> > > +
> > > +    uint8_t data[4096];
> > > +    int data_size;
> > >  } HEVCVPS;
> > >
> > >  typedef struct ScalingList {
> > > @@ -483,6 +486,9 @@ typedef struct HEVCSPS {
> > >      int vshift[3];
> > >
> > >      int qp_bd_offset;
> > > +
> > > +    uint8_t data[4096];
> > > +    int data_size;
> > >  } HEVCSPS;
> > >
> > >  typedef struct HEVCPPS {
> > > @@ -557,6 +563,9 @@ typedef struct HEVCPPS {
> > >      int *tile_pos_rs;       ///< TilePosRS
> > >      int *min_tb_addr_zs;    ///< MinTbAddrZS
> > >      int *min_tb_addr_zs_tab;///< MinTbAddrZS
> > > +
> > > +    uint8_t data[4096];
> > > +    int data_size;
> > >  } HEVCPPS;
> > >
> > >  typedef struct HEVCParamSets {
> > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> > > index 83f2ec2..629e454 100644
> > > --- a/libavcodec/hevc_ps.c
> > > +++ b/libavcodec/hevc_ps.c
> > > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb,
> > AVCodecContext *avctx,
> > >
> > >      av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
> > >
> > > +    vps->data_size = gb->buffer_end - gb->buffer;
> >
> > This theoretically could overflow, data_size is only an int the pointer
> > difference might be larger
> >
> 
> Updated patch attached.
> 
> [...]

>  hevc.h    |    9 +++++++++
>  hevc_ps.c |   36 ++++++++++++++++++++++++++++++++++++
>  2 files changed, 45 insertions(+)
> 74a311a04fc12daab6f9dc4dc228d3e2d574b12f  0001-lavc-hevc-store-VPS-SPS-PPS-data.patch
> From e25cc9920accb43dd4af152358b78160e85d64a2 Mon Sep 17 00:00:00 2001
> From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
> Date: Wed, 7 Sep 2016 11:36:10 +0200
> Subject: [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data

LGTM

thx

[...]

Matthieu Bouron Sept. 9, 2016, 2:37 p.m. UTC | #2

On Fri, Sep 09, 2016 at 02:36:20AM +0200, Michael Niedermayer wrote:
> On Thu, Sep 08, 2016 at 04:18:26PM +0200, Matthieu Bouron wrote:
> > On Thu, Sep 8, 2016 at 2:28 PM, Michael Niedermayer <michael@niedermayer.cc>
> > wrote:
> > 
> > > On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote:
> > > > From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
> > > >
> > > > ---
> > > >  libavcodec/hevc.h    |  9 +++++++++
> > > >  libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
> > > >  2 files changed, 36 insertions(+)
> > > >
> > > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
> > > > index be91010..6a3c750 100644
> > > > --- a/libavcodec/hevc.h
> > > > +++ b/libavcodec/hevc.h
> > > > @@ -387,6 +387,9 @@ typedef struct HEVCVPS {
> > > >      uint8_t vps_poc_proportional_to_timing_flag;
> > > >      int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1
> > > + 1
> > > >      int vps_num_hrd_parameters;
> > > > +
> > > > +    uint8_t data[4096];
> > > > +    int data_size;
> > > >  } HEVCVPS;
> > > >
> > > >  typedef struct ScalingList {
> > > > @@ -483,6 +486,9 @@ typedef struct HEVCSPS {
> > > >      int vshift[3];
> > > >
> > > >      int qp_bd_offset;
> > > > +
> > > > +    uint8_t data[4096];
> > > > +    int data_size;
> > > >  } HEVCSPS;
> > > >
> > > >  typedef struct HEVCPPS {
> > > > @@ -557,6 +563,9 @@ typedef struct HEVCPPS {
> > > >      int *tile_pos_rs;       ///< TilePosRS
> > > >      int *min_tb_addr_zs;    ///< MinTbAddrZS
> > > >      int *min_tb_addr_zs_tab;///< MinTbAddrZS
> > > > +
> > > > +    uint8_t data[4096];
> > > > +    int data_size;
> > > >  } HEVCPPS;
> > > >
> > > >  typedef struct HEVCParamSets {
> > > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> > > > index 83f2ec2..629e454 100644
> > > > --- a/libavcodec/hevc_ps.c
> > > > +++ b/libavcodec/hevc_ps.c
> > > > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb,
> > > AVCodecContext *avctx,
> > > >
> > > >      av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
> > > >
> > > > +    vps->data_size = gb->buffer_end - gb->buffer;
> > >
> > > This theoretically could overflow, data_size is only an int the pointer
> > > difference might be larger
> > >
> > 
> > Updated patch attached.
> > 
> > [...]
> 
> >  hevc.h    |    9 +++++++++
> >  hevc_ps.c |   36 ++++++++++++++++++++++++++++++++++++
> >  2 files changed, 45 insertions(+)
> > 74a311a04fc12daab6f9dc4dc228d3e2d574b12f  0001-lavc-hevc-store-VPS-SPS-PPS-data.patch
> > From e25cc9920accb43dd4af152358b78160e85d64a2 Mon Sep 17 00:00:00 2001
> > From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
> > Date: Wed, 7 Sep 2016 11:36:10 +0200
> > Subject: [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data
> 
> LGTM
> 
> thx

Pushed. Thanks.

[...]

From e25cc9920accb43dd4af152358b78160e85d64a2 Mon Sep 17 00:00:00 2001
From: Matthieu Bouron <matthieu.bouron@stupeflix.com>
Date: Wed, 7 Sep 2016 11:36:10 +0200
Subject: [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data

---
 libavcodec/hevc.h    |  9 +++++++++
 libavcodec/hevc_ps.c | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index be91010..6a3c750 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -387,6 +387,9 @@  typedef struct HEVCVPS {
     uint8_t vps_poc_proportional_to_timing_flag;
     int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + 1
     int vps_num_hrd_parameters;
+
+    uint8_t data[4096];
+    int data_size;
 } HEVCVPS;
 
 typedef struct ScalingList {
@@ -483,6 +486,9 @@  typedef struct HEVCSPS {
     int vshift[3];
 
     int qp_bd_offset;
+
+    uint8_t data[4096];
+    int data_size;
 } HEVCSPS;
 
 typedef struct HEVCPPS {
@@ -557,6 +563,9 @@  typedef struct HEVCPPS {
     int *tile_pos_rs;       ///< TilePosRS
     int *min_tb_addr_zs;    ///< MinTbAddrZS
     int *min_tb_addr_zs_tab;///< MinTbAddrZS
+
+    uint8_t data[4096];
+    int data_size;
 } HEVCPPS;
 
 typedef struct HEVCParamSets {
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 83f2ec2..d08ba34 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -399,6 +399,7 @@  int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
 {
     int i,j;
     int vps_id = 0;
+    ptrdiff_t nal_size;
     HEVCVPS *vps;
     AVBufferRef *vps_buf = av_buffer_allocz(sizeof(*vps));
 
@@ -408,6 +409,17 @@  int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
 
     av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
 
+    nal_size = gb->buffer_end - gb->buffer;
+    if (nal_size > sizeof(vps->data)) {
+        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized VPS "
+               "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+               nal_size, sizeof(vps->data));
+        vps->data_size = sizeof(vps->data);
+    } else {
+        vps->data_size = nal_size;
+    }
+    memcpy(vps->data, gb->buffer, vps->data_size);
+
     vps_id = get_bits(gb, 4);
     if (vps_id >= MAX_VPS_COUNT) {
         av_log(avctx, AV_LOG_ERROR, "VPS id out of range: %d\n", vps_id);
@@ -1177,6 +1189,7 @@  int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx,
     AVBufferRef *sps_buf = av_buffer_allocz(sizeof(*sps));
     unsigned int sps_id;
     int ret;
+    ptrdiff_t nal_size;
 
     if (!sps_buf)
         return AVERROR(ENOMEM);
@@ -1184,6 +1197,17 @@  int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx,
 
     av_log(avctx, AV_LOG_DEBUG, "Decoding SPS\n");
 
+    nal_size = gb->buffer_end - gb->buffer;
+    if (nal_size > sizeof(sps->data)) {
+        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized SPS "
+               "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+               nal_size, sizeof(sps->data));
+        sps->data_size = sizeof(sps->data);
+    } else {
+        sps->data_size = nal_size;
+    }
+    memcpy(sps->data, gb->buffer, sps->data_size);
+
     ret = ff_hevc_parse_sps(sps, gb, &sps_id,
                             apply_defdispwin,
                             ps->vps_list, avctx);
@@ -1407,6 +1431,7 @@  int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx,
     HEVCSPS      *sps = NULL;
     int i, ret = 0;
     unsigned int pps_id = 0;
+    ptrdiff_t nal_size;
 
     AVBufferRef *pps_buf;
     HEVCPPS *pps = av_mallocz(sizeof(*pps));
@@ -1423,6 +1448,17 @@  int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx,
 
     av_log(avctx, AV_LOG_DEBUG, "Decoding PPS\n");
 
+    nal_size = gb->buffer_end - gb->buffer;
+    if (nal_size > sizeof(pps->data)) {
+        av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized PPS "
+               "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+               nal_size, sizeof(pps->data));
+        pps->data_size = sizeof(pps->data);
+    } else {
+        pps->data_size = nal_size;
+    }
+    memcpy(pps->data, gb->buffer, pps->data_size);
+
     // Default values
     pps->loop_filter_across_tiles_enabled_flag = 1;
     pps->num_tile_columns                      = 1;
-- 
2.9.3

[FFmpeg-devel,1/2] lavc/hevc: store VPS/SPS/PPS data

Commit Message

Comments

Patch