From patchwork Thu Dec 10 11:16:54 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 24504
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Thu, 10 Dec 2020 12:16:54 +0100
Message-Id: <20201210111657.2276739-37-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 36/39] avcodec/speedhqenc: Call correct function

Up until now, the SpeedHQ encoder called a wrong function for init:
void ff_init_uni_ac_vlc(const uint8_t huff_size_ac[256], uint8_t *uni_ac_vlc_len);
Yet the first argument actually used is of type RLTable; the size of said
struct is less than 256 if the size of a pointer is four, leading to an
access beyond the end of the RLTable.

This commit fixes this by calling the actually intended function:
init_uni_ac_vlc() from mpeg12enc.c. It was intended to use this function [1],
yet doing so was forgotten when the patch was actually applied.

[1]: https://ffmpeg.org/pipermail/ffmpeg-devel/2020-July/266187.html

Signed-off-by: Andreas Rheinhardt
---
 libavcodec/Makefile     |  2 +-
 libavcodec/mpeg12.h     |  1 +
 libavcodec/mpeg12enc.c  | 11 ++++++++---
 libavcodec/speedhqenc.c |  2 +-
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/libavcodec/Makefile b/libavcodec/Makefile index 7f018e313b..450781886d 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile
@@ -626,7 +626,7 @@ OBJS-$(CONFIG_SONIC_DECODER) += sonic.o OBJS-$(CONFIG_SONIC_ENCODER) += sonic.o OBJS-$(CONFIG_SONIC_LS_ENCODER) += sonic.o OBJS-$(CONFIG_SPEEDHQ_DECODER) += speedhq.o mpeg12.o mpeg12data.o simple_idct.o -OBJS-$(CONFIG_SPEEDHQ_ENCODER) += speedhq.o mpeg12data.o speedhqenc.o +OBJS-$(CONFIG_SPEEDHQ_ENCODER) += speedhq.o mpeg12data.o mpeg12enc.o speedhqenc.o OBJS-$(CONFIG_SP5X_DECODER) += sp5xdec.o OBJS-$(CONFIG_SRGC_DECODER) += mscc.o OBJS-$(CONFIG_SRT_DECODER) += srtdec.o ass.o htmlsubtitles.o diff --git a/libavcodec/mpeg12.h b/libavcodec/mpeg12.h index 76fc0bf955..4cd48b5d20 100644 --- a/libavcodec/mpeg12.h +++ b/libavcodec/mpeg12.h @@ -35,6 +35,7 @@ void ff_mpeg12_common_init(MpegEncContext *s); } void ff_init_2d_vlc_rl(RLTable *rl, unsigned static_size, int flags); +void ff_mpeg1_init_uni_ac_vlc(const RLTable *rl, uint8_t *uni_ac_vlc_len); static inline int decode_dc(GetBitContext *gb, int component) { diff --git a/libavcodec/mpeg12enc.c b/libavcodec/mpeg12enc.c index e38cd074e1..a05c2db6cb 100644 --- a/libavcodec/mpeg12enc.c +++ b/libavcodec/mpeg12enc.c @@ -27,6 +27,7 @@ #include +#include "config.h" #include "libavutil/attributes.h" #include "libavutil/avassert.h" #include "libavutil/log.h" @@ -44,6 +45,7 @@ #include "mpegvideo.h" #include "profiles.h" +#if CONFIG_MPEG1VIDEO_ENCODER || CONFIG_MPEG2VIDEO_ENCODER static const uint8_t svcd_scan_offset_placeholder[] = { 0x10, 0x0E, 0x00, 0x80, 0x81, 0x00, 0x80, 0x81, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, @@ -61,8 +63,9 @@ static uint32_t mpeg1_lum_dc_uni[512]; static uint32_t mpeg1_chr_dc_uni[512]; #define A53_MAX_CC_COUNT 0x1f +#endif /* CONFIG_MPEG1VIDEO_ENCODER || CONFIG_MPEG2VIDEO_ENCODER */ -static av_cold void init_uni_ac_vlc(RLTable *rl, uint8_t *uni_ac_vlc_len) +av_cold void ff_mpeg1_init_uni_ac_vlc(const RLTable *rl, uint8_t *uni_ac_vlc_len) { int i; 
@@ -97,6 +100,7 @@ static av_cold void init_uni_ac_vlc(RLTable *rl, uint8_t *uni_ac_vlc_len) } } +#if CONFIG_MPEG1VIDEO_ENCODER || CONFIG_MPEG2VIDEO_ENCODER static int find_frame_rate_index(MpegEncContext *s) { int i; @@ -1039,8 +1043,8 @@ static av_cold void mpeg12_encode_init_static(void) ff_rl_init(&ff_rl_mpeg1, mpeg12_static_rl_table_store[0]); ff_rl_init(&ff_rl_mpeg2, mpeg12_static_rl_table_store[1]); - init_uni_ac_vlc(&ff_rl_mpeg1, uni_mpeg1_ac_vlc_len); - init_uni_ac_vlc(&ff_rl_mpeg2, uni_mpeg2_ac_vlc_len); + ff_mpeg1_init_uni_ac_vlc(&ff_rl_mpeg1, uni_mpeg1_ac_vlc_len); + ff_mpeg1_init_uni_ac_vlc(&ff_rl_mpeg2, uni_mpeg2_ac_vlc_len); /* build unified dc encoding tables */ for (int i = -255; i < 256; i++) { @@ -1216,3 +1220,4 @@ AVCodec ff_mpeg2video_encoder = { .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE | FF_CODEC_CAP_INIT_CLEANUP, .priv_class = &mpeg2_class, }; +#endif /* CONFIG_MPEG1VIDEO_ENCODER || CONFIG_MPEG2VIDEO_ENCODER */ diff --git a/libavcodec/speedhqenc.c b/libavcodec/speedhqenc.c index 9807024980..a5bedd5301 100644 --- a/libavcodec/speedhqenc.c +++ b/libavcodec/speedhqenc.c @@ -96,7 +96,7 @@ static av_cold void speedhq_init_static_data(void) speedhq_chr_dc_uni[i + 255] = bits + (code << 8); } - ff_init_uni_ac_vlc(&ff_rl_speedhq, uni_speedhq_ac_vlc_len); + ff_mpeg1_init_uni_ac_vlc(&ff_rl_speedhq, uni_speedhq_ac_vlc_len); } av_cold int ff_speedhq_encode_init(MpegEncContext *s)
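
Review bot: in libavcodec/mpeg12enc.c the new `#if CONFIG_MPEG1VIDEO_ENCODER || CONFIG_MPEG2VIDEO_ENCODER` guard has to be opened and closed twice so that ff_mpeg1_init_uni_ac_vlc() stays outside it, and the second `#endif` sits at the very end of the file, far from its `#if`. The Makefile hunk now links mpeg12enc.o into CONFIG_SPEEDHQ_ENCODER for this one function only, so a SpeedHQ-only build depends on everything else in the file staying inside those guards. Consider moving the function into a small source file of its own that both encoders list in their objects, which would make the guards unnecessary.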
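
Review bot: the prototype added to libavcodec/mpeg12.h, `void ff_mpeg1_init_uni_ac_vlc(const RLTable *rl, uint8_t *uni_ac_vlc_len);`, carries no comment saying how large the uni_ac_vlc_len buffer must be, and the bare `uint8_t *` gives callers nothing to check against. Since the bug fixed here was an out-of-bounds access caused by a mismatched argument, a short doc comment stating the required table size would be worth adding now that the function is exported. The mpeg1 prefix is also slightly misleading, as the patch calls the function with ff_rl_mpeg2 and ff_rl_speedhq as well.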
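
Review bot: in speedhq_init_static_data() in libavcodec/speedhqenc.c, the removed call passed `&ff_rl_speedhq`, an RLTable pointer, to a parameter the commit message quotes as `const uint8_t huff_size_ac[256]`, a mismatch that C compilers have traditionally diagnosed only as a warning rather than rejecting. The replacement call is type-correct, but the commit message could say whether that warning was emitted for the old call. Building with -Werror=incompatible-pointer-types would make a similar mix-up fail the build instead of reading past the end of the struct at init time.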