| Message ID | 20240217144810.10604-1-post@frankplowman.com |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel] lavc/vvc: Fail inter prediction if using IBC | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
Hi Frank, Thank you for the patch. The IBC is working on my side. I will send out the patch in the following weeks. Could you send me the fuzz file? I want to ensure that it will not cause my patch to crash. On Sat, Feb 17, 2024 at 10:48 PM Frank Plowman <post@frankplowman.com> wrote: > IBC is not yet implemented. Fail the inter prediction process with > AVERROR_PATCHWELCOME if the bitstream uses IBC. Fixes crashes due to > out-of-bounds reads when attempting to decode IBC bitstreams. > > Signed-off-by: Frank Plowman <post@frankplowman.com> > --- > libavcodec/vvc/vvc_inter.c | 30 +++++++++++++++++++++++------- > 1 file changed, 23 insertions(+), 7 deletions(-) > > diff --git a/libavcodec/vvc/vvc_inter.c b/libavcodec/vvc/vvc_inter.c > index e05f3db93e..cb5e8d4ef6 100644 > --- a/libavcodec/vvc/vvc_inter.c > +++ b/libavcodec/vvc/vvc_inter.c > @@ -779,7 +779,7 @@ static void derive_sb_mv(VVCLocalContext *lc, MvField > *mv, MvField *orig_mv, int > } > } > > -static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip) > +static int pred_regular_blk(VVCLocalContext *lc, const int skip_ciip) > { > const VVCFrameContext *fc = lc->fc; > const CodingUnit *cu = lc->cu; > @@ -789,7 +789,7 @@ static void pred_regular_blk(VVCLocalContext *lc, > const int skip_ciip) > int sbw, sbh, sb_bdof_flag = 0; > > if (cu->ciip_flag && skip_ciip) > - return; > + return 0; > > sbw = cu->cb_width / mi->num_sb_x; > sbh = cu->cb_height / mi->num_sb_y; > @@ -803,11 +803,17 @@ static void pred_regular_blk(VVCLocalContext *lc, > const int skip_ciip) > ff_vvc_set_neighbour_available(lc, x0, y0, sbw, sbh); > > derive_sb_mv(lc, &mv, &orig_mv, &sb_bdof_flag, x0, y0, sbw, > sbh); > + if (mv.pred_flag == PF_INTRA) { > + avpriv_report_missing_feature(fc->log_ctx, "Intra Block > Copy"); > + return AVERROR_PATCHWELCOME; > + } > pred_regular_luma(lc, mi->hpel_if_idx, mi->hpel_if_idx, &mv, > x0, y0, sbw, sbh, &orig_mv, sb_bdof_flag); > if (fc->ps.sps->r->sps_chroma_format_idc) > pred_regular_chroma(lc, &mv, x0, y0, sbw, sbh, &orig_mv, > pu->dmvr_flag); > } > } > + > + return 0; > } > > static void derive_affine_mvc(MvField *mvc, const VVCFrameContext *fc, > const MvField *mv, > @@ -872,23 +878,29 @@ static void pred_affine_blk(VVCLocalContext *lc) > } > } > > -static void predict_inter(VVCLocalContext *lc) > +static int predict_inter(VVCLocalContext *lc) > { > const VVCFrameContext *fc = lc->fc; > const CodingUnit *cu = lc->cu; > const PredictionUnit *pu = &cu->pu; > + int ret; > > if (pu->merge_gpm_flag) > pred_gpm_blk(lc); > else if (pu->inter_affine_flag) > pred_affine_blk(lc); > - else > - pred_regular_blk(lc, 1); //intra block is not ready yet, skip > ciip > + else { > + ret = pred_regular_blk(lc, 1); //intra block is not ready yet, > skip ciip > + if (ret < 0) > + return ret; > + } > > if (lc->sc->sh.r->sh_lmcs_used_flag && !cu->ciip_flag) { > uint8_t* dst0 = POS(0, cu->x0, cu->y0); > fc->vvcdsp.lmcs.filter(dst0, fc->frame->linesize[LUMA], > cu->cb_width, cu->cb_height, fc->ps.lmcs.fwd_lut); > } > + > + return 0; > } > > static int has_inter_luma(const CodingUnit *cu) > @@ -901,11 +913,15 @@ int ff_vvc_predict_inter(VVCLocalContext *lc, const > int rs) > const VVCFrameContext *fc = lc->fc; > const CTU *ctu = fc->tab.ctus + rs; > CodingUnit *cu = ctu->cus; > + int ret; > > while (cu) { > lc->cu = cu; > - if (has_inter_luma(cu)) > - predict_inter(lc); > + if (has_inter_luma(cu)) { > + ret = predict_inter(lc); > + if (ret < 0) > + return ret; > + } > cu = cu->next; > } > > -- > 2.43.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
diff --git a/libavcodec/vvc/vvc_inter.c b/libavcodec/vvc/vvc_inter.c index e05f3db93e..cb5e8d4ef6 100644 --- a/libavcodec/vvc/vvc_inter.c +++ b/libavcodec/vvc/vvc_inter.c @@ -779,7 +779,7 @@ static void derive_sb_mv(VVCLocalContext *lc, MvField *mv, MvField *orig_mv, int } } -static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip) +static int pred_regular_blk(VVCLocalContext *lc, const int skip_ciip) { const VVCFrameContext *fc = lc->fc; const CodingUnit *cu = lc->cu; @@ -789,7 +789,7 @@ static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip) int sbw, sbh, sb_bdof_flag = 0; if (cu->ciip_flag && skip_ciip) - return; + return 0; sbw = cu->cb_width / mi->num_sb_x; sbh = cu->cb_height / mi->num_sb_y; @@ -803,11 +803,17 @@ static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip) ff_vvc_set_neighbour_available(lc, x0, y0, sbw, sbh); derive_sb_mv(lc, &mv, &orig_mv, &sb_bdof_flag, x0, y0, sbw, sbh); + if (mv.pred_flag == PF_INTRA) { + avpriv_report_missing_feature(fc->log_ctx, "Intra Block Copy"); + return AVERROR_PATCHWELCOME; + } pred_regular_luma(lc, mi->hpel_if_idx, mi->hpel_if_idx, &mv, x0, y0, sbw, sbh, &orig_mv, sb_bdof_flag); if (fc->ps.sps->r->sps_chroma_format_idc) pred_regular_chroma(lc, &mv, x0, y0, sbw, sbh, &orig_mv, pu->dmvr_flag); } } + + return 0; } static void derive_affine_mvc(MvField *mvc, const VVCFrameContext *fc, const MvField *mv, @@ -872,23 +878,29 @@ static void pred_affine_blk(VVCLocalContext *lc) } } -static void predict_inter(VVCLocalContext *lc) +static int predict_inter(VVCLocalContext *lc) { const VVCFrameContext *fc = lc->fc; const CodingUnit *cu = lc->cu; const PredictionUnit *pu = &cu->pu; + int ret; if (pu->merge_gpm_flag) pred_gpm_blk(lc); else if (pu->inter_affine_flag) pred_affine_blk(lc); - else - pred_regular_blk(lc, 1); //intra block is not ready yet, skip ciip + else { + ret = pred_regular_blk(lc, 1); //intra block is not ready yet, skip ciip + if (ret < 0) + return ret; + } if (lc->sc->sh.r->sh_lmcs_used_flag && !cu->ciip_flag) { uint8_t* dst0 = POS(0, cu->x0, cu->y0); fc->vvcdsp.lmcs.filter(dst0, fc->frame->linesize[LUMA], cu->cb_width, cu->cb_height, fc->ps.lmcs.fwd_lut); } + + return 0; } static int has_inter_luma(const CodingUnit *cu) @@ -901,11 +913,15 @@ int ff_vvc_predict_inter(VVCLocalContext *lc, const int rs) const VVCFrameContext *fc = lc->fc; const CTU *ctu = fc->tab.ctus + rs; CodingUnit *cu = ctu->cus; + int ret; while (cu) { lc->cu = cu; - if (has_inter_luma(cu)) - predict_inter(lc); + if (has_inter_luma(cu)) { + ret = predict_inter(lc); + if (ret < 0) + return ret; + } cu = cu->next; }
IBC is not yet implemented. Fail the inter prediction process with AVERROR_PATCHWELCOME if the bitstream uses IBC. Fixes crashes due to out-of-bounds reads when attempting to decode IBC bitstreams. Signed-off-by: Frank Plowman <post@frankplowman.com> --- libavcodec/vvc/vvc_inter.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-)