From patchwork Tue Mar 29 08:29:21 2022
X-Patchwork-Submitter: "Chen, Wenbin"
X-Patchwork-Id: 35043
From: Wenbin Chen
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 29 Mar 2022 16:29:21 +0800
Message-Id: <20220329082921.756174-1-wenbin.chen@intel.com>
Subject: [FFmpeg-devel] [PATCH v2] libavcodec/cbs_av1: Add size check before parse obu

cbs_av1_write_unit() checks pbc size after parsing obu frame, and returns AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu frame will be parsed again, but this may cause an error because CodedBitstreamAV1Context has already been updated, for example ref_order_hint is updated and will not match the same obu frame. Now a size check is added before parsing obu frame to avoid this error.

Signed-off-by: Wenbin Chen

--- libavcodec/cbs_av1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1229480567..29e7bc16df 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, put_bits32(pbc, 0); } + if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc)) + return AVERROR(ENOSPC); + td = NULL; start_pos = put_bits_count(pbc); 
@@ -1196,9 +1199,6 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, flush_put_bits(pbc); av_assert0(data_pos <= start_pos); - if (8 * obu->obu_size > put_bits_left(pbc)) - return AVERROR(ENOSPC); - if (obu->obu_size > 0) { memmove(pbc->buf + data_pos, pbc->buf + start_pos, header_size);
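
Review bot: In the first hunk (@@ -1075,6 +1075,9 @@), the new check reads obu->obu_size before the payload is written, whereas the check it replaces ran after flush_put_bits(); nothing in the visible lines shows that obu_size already describes this OBU at that point. Please add a comment above the check explaining why unit->data_size + obu->obu_size is a safe upper bound for what is about to be written, or derive the bound from a value that is known before the write. The sum is also multiplied by 8 before the comparison, which can wrap for large sizes; comparing in bytes, for example unit->data_size + obu->obu_size > put_bits_left(pbc) / 8, avoids that. Minor: the commit message names cbs_av1_write_unit() while the hunk header shows cbs_av1_write_obu().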
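
Review bot: In the second hunk (@@ -1196,9 +1199,6 @@), dropping the post-write check leaves the memmove(pbc->buf + data_pos, pbc->buf + start_pos, header_size) path with no visible guard that the written OBU actually fits, so correctness now rests entirely on the early estimate. Consider keeping a backstop at this position, for example an av_assert0 or a non-retryable error on 8 * obu->obu_size > put_bits_left(pbc), so that an underestimate fails loudly here without re-entering the reallocate-and-reparse path the commit message describes.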