From patchwork Sun Jun 7 13:27:37 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Almer
X-Patchwork-Id: 20187
From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 7 Jun 2020 10:27:37 -0300
Message-Id: <20200607132737.1375-1-jamrial@gmail.com>
X-Mailer: git-send-email 2.26.2
Subject: [FFmpeg-devel] [PATCH] avcodec/cbs_h2645: keep separate parameter set lists for reading and writing

Similar logic as 4e2bef6a82. In scenarios where an Access Unit is written right after reading it using the same CBS context (hevc_metadata), the list of parsed parameter sets used by the writer must not be the one that's the result of the reader having already parsed the current Access Unit in question.

Fixes: out of array access
Fixes: 23034/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-5074645169733632.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer --- An alternative is forcing the usage of separate CBS contexts for reading and writing. libavcodec/cbs_h264.h | 18 ++++++++--- libavcodec/cbs_h2645.c | 72 ++++++++++++++++++++++++++++++++---------- libavcodec/cbs_h265.h | 26 +++++++++++---- 3 files changed, 89 insertions(+), 27 deletions(-) diff --git a/libavcodec/cbs_h264.h b/libavcodec/cbs_h264.h index 9f7c2a0d30..9d104787d9 100644 --- a/libavcodec/cbs_h264.h +++ b/libavcodec/cbs_h264.h @@ -448,10 +448,20 @@ typedef struct CodedBitstreamH264Context { // All currently available parameter sets. These are updated when // any parameter set NAL unit is read/written with this context. - AVBufferRef *sps_ref[H264_MAX_SPS_COUNT]; - AVBufferRef *pps_ref[H264_MAX_PPS_COUNT]; - H264RawSPS *sps[H264_MAX_SPS_COUNT]; - H264RawPPS *pps[H264_MAX_PPS_COUNT]; + AVBufferRef **sps_ref; + AVBufferRef **pps_ref; + H264RawSPS **sps; + H264RawPPS **pps; + + AVBufferRef *read_sps_ref[H264_MAX_SPS_COUNT]; + AVBufferRef *read_pps_ref[H264_MAX_PPS_COUNT]; + H264RawSPS *read_sps[H264_MAX_SPS_COUNT]; + H264RawPPS *read_pps[H264_MAX_PPS_COUNT]; + + AVBufferRef *write_sps_ref[H264_MAX_SPS_COUNT]; + AVBufferRef *write_pps_ref[H264_MAX_PPS_COUNT]; + H264RawSPS *write_sps[H264_MAX_SPS_COUNT]; + H264RawPPS *write_pps[H264_MAX_PPS_COUNT]; // The currently active parameter sets. These are updated when any // NAL unit refers to the relevant parameter set. These pointers diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index b432921ecc..69ed890c63 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c 
@@ -758,14 +758,14 @@ static int cbs_h2645_split_fragment(CodedBitstreamContext *ctx, return 0; } -#define cbs_h2645_replace_ps(h26n, ps_name, ps_var, id_element) \ +#define cbs_h2645_replace_ps(h26n, Hn, ps_name, ps_var, id_element) \ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \ CodedBitstreamUnit *unit) \ { \ CodedBitstreamH26 ## h26n ## Context *priv = ctx->priv_data; \ H26 ## h26n ## Raw ## ps_name *ps_var = unit->content; \ unsigned int id = ps_var->id_element; \ - if (id >= FF_ARRAY_ELEMS(priv->ps_var)) { \ + if (id >= Hn ## _MAX_ ## ps_name ## _COUNT) { \ av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid " #ps_name \ " id : %d.\n", id); \ return AVERROR_INVALIDDATA; \ @@ -785,18 +785,24 @@ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \ return 0; \ } -cbs_h2645_replace_ps(4, SPS, sps, seq_parameter_set_id) -cbs_h2645_replace_ps(4, PPS, pps, pic_parameter_set_id) -cbs_h2645_replace_ps(5, VPS, vps, vps_video_parameter_set_id) -cbs_h2645_replace_ps(5, SPS, sps, sps_seq_parameter_set_id) -cbs_h2645_replace_ps(5, PPS, pps, pps_pic_parameter_set_id) +cbs_h2645_replace_ps(4, H264, SPS, sps, seq_parameter_set_id) +cbs_h2645_replace_ps(4, H264, PPS, pps, pic_parameter_set_id) +cbs_h2645_replace_ps(5, HEVC, VPS, vps, vps_video_parameter_set_id) +cbs_h2645_replace_ps(5, HEVC, SPS, sps, sps_seq_parameter_set_id) +cbs_h2645_replace_ps(5, HEVC, PPS, pps, pps_pic_parameter_set_id) static int cbs_h264_read_nal_unit(CodedBitstreamContext *ctx, CodedBitstreamUnit *unit) { + CodedBitstreamH264Context *priv = ctx->priv_data; GetBitContext gbc; int err; + priv->sps_ref = (AVBufferRef **)priv->read_sps_ref; + priv->pps_ref = (AVBufferRef **)priv->read_pps_ref; + priv->sps = (H264RawSPS **)priv->read_sps; + priv->pps = (H264RawPPS **)priv->read_pps; + err = init_get_bits(&gbc, unit->data, 8 * unit->data_size); if (err < 0) return err; 
@@ -953,9 +959,17 @@ static int cbs_h264_read_nal_unit(CodedBitstreamContext *ctx, static int cbs_h265_read_nal_unit(CodedBitstreamContext *ctx, CodedBitstreamUnit *unit) { + CodedBitstreamH265Context *priv = ctx->priv_data; GetBitContext gbc; int err; + priv->vps_ref = (AVBufferRef **)priv->read_vps_ref; + priv->sps_ref = (AVBufferRef **)priv->read_sps_ref; + priv->pps_ref = (AVBufferRef **)priv->read_pps_ref; + priv->vps = (H265RawVPS **)priv->read_vps; + priv->sps = (H265RawSPS **)priv->read_sps; + priv->pps = (H265RawPPS **)priv->read_pps; + err = init_get_bits(&gbc, unit->data, 8 * unit->data_size); if (err < 0) return err; @@ -1164,8 +1178,14 @@ static int cbs_h264_write_nal_unit(CodedBitstreamContext *ctx, CodedBitstreamUnit *unit, PutBitContext *pbc) { + CodedBitstreamH264Context *priv = ctx->priv_data; int err; + priv->sps_ref = (AVBufferRef **)priv->write_sps_ref; + priv->pps_ref = (AVBufferRef **)priv->write_pps_ref; + priv->sps = (H264RawSPS **)priv->write_sps; + priv->pps = (H264RawPPS **)priv->write_pps; + switch (unit->type) { case H264_NAL_SPS: { @@ -1281,8 +1301,16 @@ static int cbs_h265_write_nal_unit(CodedBitstreamContext *ctx, CodedBitstreamUnit *unit, PutBitContext *pbc) { + CodedBitstreamH265Context *priv = ctx->priv_data; int err; + priv->vps_ref = (AVBufferRef **)priv->write_vps_ref; + priv->sps_ref = (AVBufferRef **)priv->write_sps_ref; + priv->pps_ref = (AVBufferRef **)priv->write_pps_ref; + priv->vps = (H265RawVPS **)priv->write_vps; + priv->sps = (H265RawSPS **)priv->write_sps; + priv->pps = (H265RawPPS **)priv->write_pps; + switch (unit->type) { case HEVC_NAL_VPS: { 
@@ -1483,10 +1511,14 @@ static void cbs_h264_close(CodedBitstreamContext *ctx) ff_h2645_packet_uninit(&h264->common.read_packet); - for (i = 0; i < FF_ARRAY_ELEMS(h264->sps); i++) - av_buffer_unref(&h264->sps_ref[i]); - for (i = 0; i < FF_ARRAY_ELEMS(h264->pps); i++) - av_buffer_unref(&h264->pps_ref[i]); + for (i = 0; i < H264_MAX_SPS_COUNT; i++) { + av_buffer_unref(&h264->read_sps_ref[i]); + av_buffer_unref(&h264->write_sps_ref[i]); + } + for (i = 0; i < H264_MAX_PPS_COUNT; i++) { + av_buffer_unref(&h264->read_pps_ref[i]); + av_buffer_unref(&h264->write_pps_ref[i]); + } } static void cbs_h265_close(CodedBitstreamContext *ctx) @@ -1496,12 +1528,18 @@ static void cbs_h265_close(CodedBitstreamContext *ctx) ff_h2645_packet_uninit(&h265->common.read_packet); - for (i = 0; i < FF_ARRAY_ELEMS(h265->vps); i++) - av_buffer_unref(&h265->vps_ref[i]); - for (i = 0; i < FF_ARRAY_ELEMS(h265->sps); i++) - av_buffer_unref(&h265->sps_ref[i]); - for (i = 0; i < FF_ARRAY_ELEMS(h265->pps); i++) - av_buffer_unref(&h265->pps_ref[i]); + for (i = 0; i < HEVC_MAX_VPS_COUNT; i++) { + av_buffer_unref(&h265->read_vps_ref[i]); + av_buffer_unref(&h265->write_vps_ref[i]); + } + for (i = 0; i < HEVC_MAX_SPS_COUNT; i++) { + av_buffer_unref(&h265->read_sps_ref[i]); + av_buffer_unref(&h265->write_sps_ref[i]); + } + for (i = 0; i < HEVC_MAX_PPS_COUNT; i++) { + av_buffer_unref(&h265->read_pps_ref[i]); + av_buffer_unref(&h265->write_pps_ref[i]); + } } const CodedBitstreamType ff_cbs_type_h264 = { diff --git a/libavcodec/cbs_h265.h b/libavcodec/cbs_h265.h index 73897f77a4..ab27f77f15 100644 --- a/libavcodec/cbs_h265.h +++ b/libavcodec/cbs_h265.h 
@@ -731,12 +731,26 @@ typedef struct CodedBitstreamH265Context { // All currently available parameter sets. These are updated when // any parameter set NAL unit is read/written with this context. - AVBufferRef *vps_ref[HEVC_MAX_VPS_COUNT]; - AVBufferRef *sps_ref[HEVC_MAX_SPS_COUNT]; - AVBufferRef *pps_ref[HEVC_MAX_PPS_COUNT]; - H265RawVPS *vps[HEVC_MAX_VPS_COUNT]; - H265RawSPS *sps[HEVC_MAX_SPS_COUNT]; - H265RawPPS *pps[HEVC_MAX_PPS_COUNT]; + AVBufferRef **vps_ref; + AVBufferRef **sps_ref; + AVBufferRef **pps_ref; + H265RawVPS **vps; + H265RawSPS **sps; + H265RawPPS **pps; + + AVBufferRef *read_vps_ref[HEVC_MAX_VPS_COUNT]; + AVBufferRef *read_sps_ref[HEVC_MAX_SPS_COUNT]; + AVBufferRef *read_pps_ref[HEVC_MAX_PPS_COUNT]; + H265RawVPS *read_vps[HEVC_MAX_VPS_COUNT]; + H265RawSPS *read_sps[HEVC_MAX_SPS_COUNT]; + H265RawPPS *read_pps[HEVC_MAX_PPS_COUNT]; + + AVBufferRef *write_vps_ref[HEVC_MAX_VPS_COUNT]; + AVBufferRef *write_sps_ref[HEVC_MAX_SPS_COUNT]; + AVBufferRef *write_pps_ref[HEVC_MAX_PPS_COUNT]; + H265RawVPS *write_vps[HEVC_MAX_VPS_COUNT]; + H265RawSPS *write_sps[HEVC_MAX_SPS_COUNT]; + H265RawPPS *write_pps[HEVC_MAX_PPS_COUNT]; // The currently active parameter sets. These are updated when any // NAL unit refers to the relevant parameter set. 
These pointers

From patchwork Thu Jun 11 16:13:19 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Almer
X-Patchwork-Id: 20286
From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 11 Jun 2020 13:13:19 -0300
Message-Id: <20200611161320.5136-1-jamrial@gmail.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200607132737.1375-1-jamrial@gmail.com>
References: <20200607132737.1375-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH 2/3] avcodec/cbs_h2645: abort when the written inferred value is not the expected one

If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents creating invalid bitstreams.

Signed-off-by: James Almer --- libavcodec/cbs_h2645.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index 69ed890c63..f239d52271 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c
@@ -408,10 +408,11 @@ static int cbs_h2645_read_more_rbsp_data(GetBitContext *gbc) #define infer(name, value) do { \ if (current->name != (value)) { \ - av_log(ctx->log_ctx, AV_LOG_WARNING, "Warning: " \ + av_log(ctx->log_ctx, AV_LOG_ERROR, \ "%s does not match inferred value: " \ "%"PRId64", but should be %"PRId64".\n", \ #name, (int64_t)current->name, (int64_t)(value)); \ + return AVERROR_BUG; \ } \ } while (0) From patchwork Thu Jun 11 16:13:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 20287 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 0B88A449B85 for ; Thu, 11 Jun 2020 19:14:05 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E870C68B5E6; Thu, 11 Jun 2020 19:14:04 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qk1-f194.google.com (mail-qk1-f194.google.com [209.85.222.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 026C068B5D7 for ; Thu, 11 Jun 2020 19:13:58 +0300 (EEST) Received: by mail-qk1-f194.google.com with SMTP id n11so6080121qkn.8 for ; Thu, 11 Jun 2020 09:13:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=rj7+8rtCJFDDDAhOnua3252mjUlEn5KWucpfKQSU4CA=; b=M4H5FZDMsL4FCyQoObR8SSoulWGC+R00h78hXVCGTDz74qJLNoWjOO6l3WrJsTnlbZ Y8fW+eVzKu3H8OOo1kuMAAKFcKHQZLM5VsnVYKMG3K0o+0Oxa8xUd8xn7CF4gNeXzMIJ KIsQ473g8/CT+8GoZWTExnv29f9D9tthv8qW2XhVpgeKuV1AllB2s5JYLUHBlVrx/hYt RSKOAnJK9ZKTpkx2wrlCgdY69w0ccsEa7gS6f00ra46apf+rxuocwe0+/TDTFs0C1LRs EohPvE8XtSbX08zkiWqh+a4NHZ1zkhwxMx09GsH7vYNFd7aVZn/CXXcmyFvgSzNXCSRS cdPQ== 
From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Thu, 11 Jun 2020 13:13:20 -0300 Message-Id: <20200611161320.5136-2-jamrial@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200611161320.5136-1-jamrial@gmail.com> References: <20200607132737.1375-1-jamrial@gmail.com> <20200611161320.5136-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 3/3] avcodec/cbs_av1: abort when the written inferred value is not the expected one X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents creating invalid bitstreams. Signed-off-by: James Almer --- libavcodec/cbs_av1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index fc228086c2..456bd9b1d5 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -711,10 +711,11 @@ static size_t cbs_av1_get_payload_bytes_left(GetBitContext *gbc) #define infer(name, value) do { \ if (current->name != (value)) { \ - av_log(ctx->log_ctx, AV_LOG_WARNING, "Warning: " \ + av_log(ctx->log_ctx, AV_LOG_ERROR, \ "%s does not match inferred value: " \ "%"PRId64", but should be %"PRId64".\n", \ #name, (int64_t)current->name, (int64_t)(value)); \ + return AVERROR_BUG; \ } \ } while (0)
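
Review bot: In the CodedBitstreamH264Context hunk of cbs_h264.h (and the matching CodedBitstreamH265Context hunk of cbs_h265.h, first patch), the comment "All currently available parameter sets" is left above members that are now only aliases. It should state that sps_ref, pps_ref, sps and pps (plus the vps members for H.265) point at either the read_* or the write_* arrays and are re-pointed on entry to each read or write call. The trailing context also shows that the "currently active parameter sets" members remain a single set shared by both directions; please confirm they cannot be left pointing into the read list while the writer runs, or split or document them as well.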
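
Review bot: In cbs_h2645.c (first patch) the alias pointers are assigned only at the top of cbs_h264_read_nal_unit, cbs_h265_read_nal_unit, cbs_h264_write_nal_unit and cbs_h265_write_nal_unit, so nothing in these hunks gives priv->sps, priv->pps or priv->vps a valid target before the first such call, and after any call they keep whichever direction ran last. Initialising them when the context is set up, or passing the wanted list explicitly instead of switching shared state, would remove that ordering dependency. The casts, for example `priv->sps_ref = (AVBufferRef **)priv->read_sps_ref;`, are also unnecessary because the array already decays to that type, and they would hide a mismatch if a member type changed; the repeated assignment blocks could become one small helper per codec.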
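
Review bot: In the cbs_h2645_replace_ps hunk of cbs_h2645.c (first patch) the bound becomes `Hn ## _MAX_ ## ps_name ## _COUNT`, which is correct only as long as the token-pasted constant matches the size of the array the alias points at, whereas the old FF_ARRAY_ELEMS form could not drift. Checking against FF_ARRAY_ELEMS(priv->read_ ## ps_var) would keep the check tied to the real array and make the extra Hn macro argument unnecessary. The same applies to the loop bounds in the cbs_h264_close and cbs_h265_close hunks, where FF_ARRAY_ELEMS(h264->read_sps_ref) and its siblings still work.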
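
Review bot: In the infer() hunk of cbs_h2645.c ([PATCH 2/3]) the new `return AVERROR_BUG;` labels every mismatch as an internal bug, while the commit message itself names "parsing issues earlier in the process" as one cause, which may depend on the input stream. Consider AVERROR_INVALIDDATA for that case, or add a comment explaining why a mismatch at this point can only come from the library or its caller. The hunk context does not show whether this is the read-side or write-side definition of infer(), so a one-line comment above the #define saying it is the write-side check would match the subject line.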
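
Review bot: In the infer() hunk of cbs_av1.c ([PATCH 3/3]) the macro now hides a `return` inside its do { } while (0) body, so every function that uses infer() gains an early exit that is not visible at the call site. A short comment above the #define stating that it returns AVERROR_BUG on mismatch would document that, and call sites that hold resources at that point need a check. The body is identical to the one changed in cbs_h2645.c, so a shared definition would keep the two copies from diverging.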