From patchwork Fri Mar 29 15:56:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 47653 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:9f96:b0:1a3:b6bb:3029 with SMTP id mm22csp2065248pzb; Fri, 29 Mar 2024 08:56:19 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVWgkDN1AupQ8CK49dn2MDEh61FMYnZQqnjS0ao7eioW7aEQEOVpNSHHEvTJoiZyMp4cXLbrCKFK6ZFaqmTR03xMVbERvU1p+YSGw== X-Google-Smtp-Source: AGHT+IFyL2y3tPS0+1z+gO3QJPgk+xuSIiS+rUbYwgOK4FXYJ4FvexWg1iDrKIi7Dhiis1lYXVxh X-Received: by 2002:a50:9f6d:0:b0:568:1444:af5f with SMTP id b100-20020a509f6d000000b005681444af5fmr2341459edf.4.1711727779657; Fri, 29 Mar 2024 08:56:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1711727779; cv=none; d=google.com; s=arc-20160816; b=p3BOCa5+3xxx3fIpM+58llOOTLSCcmr9+XYbMa96wonsUwvZ4x9CKOXABQscyiqRm5 unhiVqRQ57hIPbY0JQBqeVAXRBv5fkwcN16mAQ4UU34WNnCSFPK9TDqfY/xDxh6pJClZ 5x2AiTB3cjAYrnvD8e71Jbh48xIZMmjTZUuzdnLB+vqfGcAsAIM2JsxwAmABYBjXgpay u/cIOIlIDtnwQqUJwntbWQ9LNumQpvsI9Zry1PcOuwAmAVM6N/mIwSWjgOTKQU8Nf+K6 mGx2UJ25JUBmwrSazlpXGLiVoaoroAYRDDTQ5joqO+14XnNfCl+aJBUqoVrWAVE1huLP msZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=TCykJgvzqsAc4dQGwlP21SG61+tuIbqDzk4IaB06ucc=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=weLdDFVRcvc3ifdazfPzf8bfKBuCFnVyAoK4aE1vk3GDBI78kB0OQbVhfF84EKYGNA 9XEtBwgz5ikowNOVCCArPuGE0E46jmclCNk4zx/H2VKe+08Luzw9pSpE41dJwLl0e4jl z5uyaKwuatoZU4umCBPpbtbGZm17ww7+x6sovd7Jvjs+edLzLgto/0fG/sPrmCGH8gKm hq6pH6Q84Z2hYnn96GLS8uVBH/y01VbUWu2E+6MlozE/8oRIg1JNVzyp2joYg3CQ1h4n k2qmuipZojbEcjQLwIiC0j7zuVLqVXedJSMiG4swj6uoOUfHWdUtG94Z9vRlEjpCzgVQ 37bw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=DV24+k7o; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id s16-20020a056402521000b0056c54031541si1755542edd.220.2024.03.29.08.56.19; Fri, 29 Mar 2024 08:56:19 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20230601 header.b=DV24+k7o; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4152B68D70C; Fri, 29 Mar 2024 17:56:17 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id DC5A168D3C9 for ; Fri, 29 Mar 2024 17:56:10 +0200 (EET) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-6e6b729669bso1817771b3a.3 for ; Fri, 29 Mar 2024 08:56:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711727767; x=1712332567; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=mOnI4v18eRzGQ4ZlZSEJhhMo7/CbupiLEayg/TPoV9A=; b=DV24+k7ooIxiEJHzzPtOJLKiSv+ljIi9ZAKcaR+PE66481Dfdj8KosMkE0UzlXuPLv 9hMtfHmOkc2ejWxRrZLiTQ2RwMoEkLQ4VZYBgEiDnr2OjlNqOf0mR810iZrswDsutcOd IDEG4LcLQ6TS4Bev5AzzG9OHYpgBo3CMtNpkMzNldtwsxDjOWxt9k+LkbhOZd0Rd7ONY GBjTp4DvULmF/2iMl6LhJPHUWF8254DOHtyszQvX1VMbBSiU0CkkDCf3mPSt9hLnirPp LccMt0765cqUXCYA8QIAWLyzDRlokHxR4CW/gcqzrFx8qlsJbTb9fgki6CCnso2BYK/T Rnrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711727767; x=1712332567; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mOnI4v18eRzGQ4ZlZSEJhhMo7/CbupiLEayg/TPoV9A=; b=S0jmEuj+RQY6OUJctVN0ygy+DKHpgZ1fuVNrSNDVNh2ossoTQiestcPSNJISRSF1O7 6vNPAT1ec4W86QZVhRWq4CrwFZ08tTgo8AJY9uV5gi9OXyPAOknzRlYbHN9y9cVDEvcu N5bRZVQPQDDzMxAPmWWM8mv+0e3h3xrz5E9cxSNHM/KOjKtFOe+243OCCEQsT8Ik0LlI oEIzg7Oz+49EcVCMW43eWwFDd3yPbTVWx3e/xfHd4Sgif1mIgZ3IvRvszLrYbKtj7V/F E7n1C1oxCEyAf1eF9ls7Ij8z9BzudLKifzwuDjepmGzOc516ETOCosURe//yil0c1/aC 9s2g== X-Gm-Message-State: AOJu0YwgHuaCQPFXkFv/JDbRLQBTecCmv1b+7LptPwosm1iWtq2ruBLq kU5o8bEYeRJ2yv4yFGT8GPmM7Pny/0WS80y8dXXePj+TPH4OY4tEfXczpZ2b X-Received: by 2002:a05:6a20:7487:b0:1a7:186:bec3 with SMTP id p7-20020a056a20748700b001a70186bec3mr911638pzd.57.1711727767207; Fri, 29 Mar 2024 08:56:07 -0700 (PDT) Received: from localhost.localdomain ([190.194.167.233]) by smtp.gmail.com with ESMTPSA id c2-20020a056a000ac200b006eaf3057352sm78807pfl.85.2024.03.29.08.56.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Mar 2024 08:56:06 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Fri, 29 Mar 2024 12:56:01 -0300 Message-ID: <20240329155601.14190-1-jamrial@gmail.com> X-Mailer: git-send-email 2.44.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avocdec/hevc_ps: don't use a fixed sized buffer for parameter set raw data X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: bFynrOepI0XM Allocate it instead, and use it to compare sets instead of the parsed struct. Signed-off-by: James Almer --- libavcodec/hevc_ps.c | 84 ++++++++++++++++++++++---------------------- libavcodec/hevc_ps.h | 14 +++++--- 2 files changed, 51 insertions(+), 47 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 6475d86d7d..e417039d76 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -442,20 +442,18 @@ static int decode_hrd(GetBitContext *gb, int common_inf_present, return 0; } -static void uninit_vps(FFRefStructOpaque opaque, void *obj) +static void hevc_vps_free(FFRefStructOpaque opaque, void *obj) { HEVCVPS *vps = obj; av_freep(&vps->hdr); + av_freep(&vps->data); } static int compare_vps(const HEVCVPS *vps1, const HEVCVPS *vps2) { - if (!memcmp(vps1, vps2, offsetof(HEVCVPS, hdr))) - return !vps1->vps_num_hrd_parameters || - !memcmp(vps1->hdr, vps2->hdr, vps1->vps_num_hrd_parameters * sizeof(*vps1->hdr)); - - return 0; + return vps1->data_size == vps2->data_size && + !memcmp(vps1->data, vps2->data, vps1->data_size); } int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, @@ -463,25 +461,20 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, { int i,j; int vps_id = 0; - ptrdiff_t nal_size; - HEVCVPS *vps = ff_refstruct_alloc_ext(sizeof(*vps), 0, NULL, uninit_vps); + int ret = AVERROR_INVALIDDATA; + HEVCVPS *vps = ff_refstruct_alloc_ext(sizeof(*vps), 0, NULL, hevc_vps_free); if (!vps) return AVERROR(ENOMEM); av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n"); - nal_size = gb->buffer_end - gb->buffer; - if (nal_size > sizeof(vps->data)) { - av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized VPS " - "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n", - nal_size, sizeof(vps->data)); - vps->data_size = sizeof(vps->data); - } else { - vps->data_size = nal_size; + vps->data_size = gb->buffer_end - gb->buffer; + vps->data = av_memdup(gb->buffer, vps->data_size); + if (!vps->data) { + ret = AVERROR(ENOMEM); + goto err; } - memcpy(vps->data, gb->buffer, vps->data_size); - vps_id = vps->vps_id = get_bits(gb, 4); if (get_bits(gb, 2) != 3) { // vps_reserved_three_2bits @@ -591,7 +584,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, err: ff_refstruct_unref(&vps); - return AVERROR_INVALIDDATA; + return ret; } static void decode_vui(GetBitContext *gb, AVCodecContext *avctx, @@ -1294,36 +1287,43 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, return 0; } +static void hevc_sps_free(FFRefStructOpaque opaque, void *obj) +{ + HEVCSPS *sps = obj; + + av_freep(&sps->data); +} + +static int compare_sps(const HEVCSPS *sps1, const HEVCSPS *sps2) +{ + return sps1->data_size == sps2->data_size && + !memcmp(sps1->data, sps2->data, sps1->data_size); +} + int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, HEVCParamSets *ps, int apply_defdispwin) { - HEVCSPS *sps = ff_refstruct_allocz(sizeof(*sps)); + HEVCSPS *sps = ff_refstruct_alloc_ext(sizeof(*sps), 0, NULL, hevc_sps_free); unsigned int sps_id; int ret; - ptrdiff_t nal_size; if (!sps) return AVERROR(ENOMEM); av_log(avctx, AV_LOG_DEBUG, "Decoding SPS\n"); - nal_size = gb->buffer_end - gb->buffer; - if (nal_size > sizeof(sps->data)) { - av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized SPS " - "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n", - nal_size, sizeof(sps->data)); - sps->data_size = sizeof(sps->data); - } else { - sps->data_size = nal_size; + sps->data_size = gb->buffer_end - gb->buffer; + sps->data = av_memdup(gb->buffer, sps->data_size); + if (!sps->data) { + ret = AVERROR(ENOMEM); + goto err; } - memcpy(sps->data, gb->buffer, sps->data_size); ret = ff_hevc_parse_sps(sps, gb, &sps_id, apply_defdispwin, ps->vps_list, avctx); if (ret < 0) { - ff_refstruct_unref(&sps); - return ret; + goto err; } if (avctx->debug & FF_DEBUG_BITSTREAM) { @@ -1340,7 +1340,7 @@ int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, * original one. * otherwise drop all PPSes that depend on it */ if (ps->sps_list[sps_id] && - !memcmp(ps->sps_list[sps_id], sps, sizeof(*sps))) { + compare_sps(ps->sps_list[sps_id], sps)) { ff_refstruct_unref(&sps); } else { remove_sps(ps, sps_id); @@ -1348,6 +1348,9 @@ int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, } return 0; +err: + ff_refstruct_unref(&sps); + return ret; } static void hevc_pps_free(FFRefStructOpaque unused, void *obj) @@ -1364,6 +1367,7 @@ static void hevc_pps_free(FFRefStructOpaque unused, void *obj) av_freep(&pps->tile_pos_rs); av_freep(&pps->tile_id); av_freep(&pps->min_tb_addr_zs_tab); + av_freep(&pps->data); } static void colour_mapping_octants(GetBitContext *gb, HEVCPPS *pps, int inp_depth, @@ -1773,16 +1777,12 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, av_log(avctx, AV_LOG_DEBUG, "Decoding PPS\n"); - nal_size = gb->buffer_end - gb->buffer; - if (nal_size > sizeof(pps->data)) { - av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized PPS " - "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n", - nal_size, sizeof(pps->data)); - pps->data_size = sizeof(pps->data); - } else { - pps->data_size = nal_size; + pps->data_size = gb->buffer_end - gb->buffer; + pps->data = av_memdup(gb->buffer, pps->data_size); + if (!pps->data) { + ret = AVERROR_INVALIDDATA; + goto err; } - memcpy(pps->data, gb->buffer, pps->data_size); // Default values pps->loop_filter_across_tiles_enabled_flag = 1; diff --git a/libavcodec/hevc_ps.h b/libavcodec/hevc_ps.h index 0d8eaf2b3e..bed406770f 100644 --- a/libavcodec/hevc_ps.h +++ b/libavcodec/hevc_ps.h @@ -172,11 +172,11 @@ typedef struct HEVCVPS { int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + 1 int vps_num_hrd_parameters; - uint8_t data[4096]; - int data_size; - /* Put this at the end of the structure to make it easier to calculate the + /* Keep this at the end of the structure to make it easier to calculate the * size before this pointer, which is used for memcmp */ HEVCHdrParams *hdr; + uint8_t *data; + int data_size; } HEVCVPS; typedef struct ScalingList { @@ -299,7 +299,9 @@ typedef struct HEVCSPS { int qp_bd_offset; - uint8_t data[4096]; + /* Keep this at the end of the structure to make it easier to calculate the + * size before this pointer, which is used for memcmp */ + uint8_t *data; int data_size; } HEVCSPS; @@ -434,7 +436,9 @@ typedef struct HEVCPPS { int *min_tb_addr_zs; ///< MinTbAddrZS int *min_tb_addr_zs_tab;///< MinTbAddrZS - uint8_t data[4096]; + /* Keep this at the end of the structure to make it easier to calculate the + * size before this pointer, which is used for memcmp */ + uint8_t *data; int data_size; } HEVCPPS;