From patchwork Thu Sep  7 13:42:07 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Wachsler <wachsler-at-google.com@ffmpeg.org>
X-Patchwork-Id: 5034
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.2.15.201 with SMTP id 70csp223374jao;
	Thu, 7 Sep 2017 06:49:49 -0700 (PDT)
X-Received: by 10.28.24.138 with SMTP id 132mr849279wmy.61.1504792189852;
	Thu, 07 Sep 2017 06:49:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1504792189; cv=none;
	d=google.com; s=arc-20160816;
	b=Bb5vKM96Y0wfsC74XUhl5qudfCvQwCBuP9l7lA5yxUjyjf8nsOvP/r5Q7+/oJ6YeAr
	DZ9H3gU1Vs4yr0Cy78pe7zV51nFTti8bHQPazZM1iBAY4KRmKuaowsE7nyzC7PLsO1gQ
	rtNqhd4w/BsisVxjszm8w2q+GEYDFH3pCnWe7Zrtxc8WoZKENbAh20CtKLF14rhSNTKp
	Hc+GPKAmmCHBLDU3pHLESYFm4THsOoBhDHExbYa4vmrq5H270tXYdX8twp1D2IdGWXCr
	KnxpxaMiFuLXg7aw9wVj5LejuncitIZKZXhURgnH97/LDLRV2Lfd4rSXlUttURxsD3dR
	V3zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
	:list-subscribe:list-help:list-post:list-archive:list-unsubscribe
	:list-id:precedence:subject:references:in-reply-to:message-id:date
	:to:from:dkim-signature:delivered-to:arc-authentication-results;
	bh=w7iLe8hij46SJGlkOHoAj2An1afWJpKvm6TWRp+eP4I=;
	b=qo+KBahwnv0OXveM2fxCk/Cm2N0rDdhRfJ3JE0fFa8S+t+TNYB551oJNTObgGmSRCJ
	P4YkoRB7IM6jU0vytCxWhPxrXl7CPnZVkVPlRcyifOvEOOlBGwzP1dAYufSpPi7LqZgT
	FkNO8dEI5vw+gp678LHHNiSL9K34iYI5glp7gPP+PnWZWXx4GSsbocO3yistlgXS9NT5
	4gW6DFtKT65NrDE9om+h5lNCJtMq0LXh5rJZlqQ/G/fFeksrDYRy19Ksf4inuV2nKg5m
	N1aFxl3LxdjjZzHZPCqoO2Ey0eVHI69xn3LunrLsJGmxIllbC09tg3vQy8qoPmzipBdg
	819w==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@google.com
	header.s=20161025 header.b=RjomnoYV;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id d15si2065910wre.17.2017.09.07.06.49.49;
	Thu, 07 Sep 2017 06:49:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@google.com
	header.s=20161025 header.b=RjomnoYV;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AF1D2689A80;
	Thu,  7 Sep 2017 16:49:42 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-qk0-f170.google.com (mail-qk0-f170.google.com
	[209.85.220.170])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0E83C6882CA
	for <ffmpeg-devel@ffmpeg.org>; Thu,  7 Sep 2017 16:49:36 +0300 (EEST)
Received: by mail-qk0-f170.google.com with SMTP id b82so27064287qkc.4
	for <ffmpeg-devel@ffmpeg.org>; Thu, 07 Sep 2017 06:49:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=GRYXo0rft67ZqxN+c9WiWhOAzV6aU8AGl4R8zl9rO2E=;
	b=RjomnoYVdRecBJEN+Ss9QuaY5ZlsZxd513s+kWAi23zfIuZ7GDfwNa4NWK3Jjy5GOw
	zuqIU0H88xxTfa0dVh1HKZHmWZK/7dU7cEUaDSDeAJr/oa2+HHHp7aQ5Dfi2+9HCzZzF
	pzBc6ETpIKZznMnZBPIcIqw7ozeK69/Mov9OA09F3D8mxfoUotL0hHQB/toRUL3lcbD2
	fa/MpNqlqN4ybXOw5dNVptoUinGKkCznfssu+2ri+0f5JGCdjoL5cVimPMJSUxNd56XD
	taRm5t++xguovEjHkFpGeoKyTYfbv1FlImZNNzCDR1sGVh8TOgzGaZ36am39Ff9Nbd/f
	BdbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=GRYXo0rft67ZqxN+c9WiWhOAzV6aU8AGl4R8zl9rO2E=;
	b=C++ivPDzHjyrjNtoN2rm2vwjW2CXh5BXnyXvh6cuaqkK5Y4Ul4J3hirS3Poo9ytXuj
	XpN8vVa2GotV3N2lxvqN0URp+D0pE4UPGSaKKPmP726Ra4OPXA5FLfYud6C8ENpyUb+y
	h5UTnXtklRx53jiDZUujo5Pwv91lKNURbmRXyYY6R8KbQyWss+r/4B/oMDcQ/KZUXday
	qZDQiIOQ8y09dQWbb7/HxKRZTBHwqNXm41gfCJF8R2FCkQB5+Tr53hQa5PjLjJc+hph0
	Aseche3NIUzX2/RsP7gwnhUp7XCElvVmNnfdYz6vh0Pb9vstecqbgfTtt+HJYqPTZEPL
	/R8w==
X-Gm-Message-State: AHPjjUi1EypjketflnzQNcf5XZyab02rNnySS3uOJXGrNQ9FfMDgdQRa
	b1KCQHxcWXbgkCQiwo6+cQ==
X-Google-Smtp-Source: 
 ADKCNb73liB4OpnZApTQwxlhPMJOBB4iBK3ovIcKy4+jjUzwiK4p77j6AzNWKMZWnyQjLCkX66BZoQ==
X-Received: by 10.55.102.73 with SMTP id a70mr3457339qkc.345.1504791832391;
	Thu, 07 Sep 2017 06:43:52 -0700 (PDT)
Received: from quechee.cam.corp.google.com ([172.23.221.16])
	by smtp.gmail.com with ESMTPSA id
	d58sm1625978qte.92.2017.09.07.06.43.51
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 07 Sep 2017 06:43:51 -0700 (PDT)
From: Mark Wachsler <wachsler-at-google.com@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Date: Thu,  7 Sep 2017 09:42:07 -0400
Message-Id: <20170907134207.27809-1-wachsler@google.com>
X-Mailer: git-send-email 2.14.1.581.gf28d330327-goog
In-Reply-To: <5137F089-122F-4679-9576-BAA59ACB844F@gmail.com>
References: <5137F089-122F-4679-9576-BAA59ACB844F@gmail.com>
Subject: [FFmpeg-devel] [PATCH] libavcodec/h264_parse: don't use
	uninitialized value when chroma_format_idc==0
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: Mark Wachsler <wachsler@google.com>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

When parsing a monochrome file, chroma_log2_weight_denom was used without
being initialized, which could lead to a bogus error message being printed, e.g.
  [h264 @ 0x61a000026480] chroma_log2_weight_denom 24576 is out of range
It also could led to warnings using AddressSanitizer.
---
 libavcodec/h264_parse.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/libavcodec/h264_parse.c b/libavcodec/h264_parse.c
index 3d20075f6a..a7c71d9bbb 100644
--- a/libavcodec/h264_parse.c
+++ b/libavcodec/h264_parse.c
@@ -34,21 +34,22 @@ int ff_h264_pred_weight_table(GetBitContext *gb, const SPS *sps,
 
     pwt->use_weight             = 0;
     pwt->use_weight_chroma      = 0;
-    pwt->luma_log2_weight_denom = get_ue_golomb(gb);
-    if (sps->chroma_format_idc)
-        pwt->chroma_log2_weight_denom = get_ue_golomb(gb);
 
+    pwt->luma_log2_weight_denom = get_ue_golomb(gb);
     if (pwt->luma_log2_weight_denom > 7U) {
         av_log(logctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of range\n", pwt->luma_log2_weight_denom);
         pwt->luma_log2_weight_denom = 0;
     }
-    if (pwt->chroma_log2_weight_denom > 7U) {
-        av_log(logctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", pwt->chroma_log2_weight_denom);
-        pwt->chroma_log2_weight_denom = 0;
-    }
+    luma_def = 1 << pwt->luma_log2_weight_denom;
 
-    luma_def   = 1 << pwt->luma_log2_weight_denom;
-    chroma_def = 1 << pwt->chroma_log2_weight_denom;
+    if (sps->chroma_format_idc) {
+        pwt->chroma_log2_weight_denom = get_ue_golomb(gb);
+        if (pwt->chroma_log2_weight_denom > 7U) {
+            av_log(logctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", pwt->chroma_log2_weight_denom);
+            pwt->chroma_log2_weight_denom = 0;
+        }
+        chroma_def = 1 << pwt->chroma_log2_weight_denom;
+    }
 
     for (list = 0; list < 2; list++) {
         pwt->luma_weight_flag[list]   = 0;
@@ -102,9 +103,11 @@ int ff_h264_pred_weight_table(GetBitContext *gb, const SPS *sps,
             if (picture_structure == PICT_FRAME) {
                 pwt->luma_weight[16 + 2 * i][list][0] = pwt->luma_weight[16 + 2 * i + 1][list][0] = pwt->luma_weight[i][list][0];
                 pwt->luma_weight[16 + 2 * i][list][1] = pwt->luma_weight[16 + 2 * i + 1][list][1] = pwt->luma_weight[i][list][1];
-                for (j = 0; j < 2; j++) {
-                    pwt->chroma_weight[16 + 2 * i][list][j][0] = pwt->chroma_weight[16 + 2 * i + 1][list][j][0] = pwt->chroma_weight[i][list][j][0];
-                    pwt->chroma_weight[16 + 2 * i][list][j][1] = pwt->chroma_weight[16 + 2 * i + 1][list][j][1] = pwt->chroma_weight[i][list][j][1];
+                if (sps->chroma_format_idc) {
+                    for (j = 0; j < 2; j++) {
+                        pwt->chroma_weight[16 + 2 * i][list][j][0] = pwt->chroma_weight[16 + 2 * i + 1][list][j][0] = pwt->chroma_weight[i][list][j][0];
+                        pwt->chroma_weight[16 + 2 * i][list][j][1] = pwt->chroma_weight[16 + 2 * i + 1][list][j][1] = pwt->chroma_weight[i][list][j][1];
+                    }
                 }
             }
         }