From patchwork Tue Sep 14 10:50:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lance Wang X-Patchwork-Id: 30240 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp4866085iov; Tue, 14 Sep 2021 03:50:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzm3WrgjESJrPgTGVODe6km6H3JFmXMCLSHp3JvU1y+g9M6BkcB1HZb3QaFvlzf8R4gGvcu X-Received: by 2002:aa7:de85:: with SMTP id j5mr18526614edv.147.1631616656235; Tue, 14 Sep 2021 03:50:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631616656; cv=none; d=google.com; s=arc-20160816; b=ht8DhqeN3vB+LzYbql2ujAr47Pzr4Z0PwFsj1sACAryIlw3xoDFyNMpVR+UvYxPjOX mCOKN+TkFSHXKyDKxcSV7hAp/ZXfEQq4PFxnf29VR0rVpRuz3r7G58dFodoJ+VJFpwo7 dLozZvL1iirlaXjsHrAwNmHd6Qe8VWR0xSBZ/K/DNlMEYFkGq65+OWNkmVPbzwHlY8J0 coI1+KlGwjFm+6c2HGuzdgHj073cWR5UfYv1xl1dOGTeAtsrh5r00fak476pIZATtSNg 4zH0kz57WE4qJ67EBOJTy9RK91tZg5hfLn8ad+Ro0TVoxAjWt3UMaU1mbWIftJtIFEhP NqaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to; bh=gDYzGPftYEQAtpidpTj+bQw0oWpHN9TavA0yXqYDoVk=; b=K6vKikkLqzVQbdKRTWsBpmvlbLfTeb+JNNIOGFeZ023LYw1A4/bwtNnJ3iLA/4W5j/ HN4HaCMeVXUQtGlGoaoeB4Db0nUaooj/NhE3i1YYq07mImVrPahypkdZ1m+MDtRKkHZF ODQpAo+JN5B3McRQB07nCxabAOsVs2omyuuQOljfBlJI+u/WmCdmkk21lWN6hUE0vyMT Epp6YiI5FtAHvEbS7ivFthWCP6Hgd6IFLMj+QMtqIPKDh/OZs/5VKOCija6sVHkvQaa/ xdYKAShg2VV8NqgZdk2tX/4ffextZIEgSC1Y6zlijRJOug+0AUDY08gB7ILe7NHfN2PO q/kw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=fTL4gCru; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id b6si1514153edu.126.2021.09.14.03.50.55; Tue, 14 Sep 2021 03:50:56 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=fTL4gCru; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1D2FC68AF19; Tue, 14 Sep 2021 13:50:51 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 33DF468AEC9 for ; Tue, 14 Sep 2021 13:50:45 +0300 (EEST) Received: by mail-pj1-f52.google.com with SMTP id c13-20020a17090a558d00b00198e6497a4fso1797846pji.4 for ; Tue, 14 Sep 2021 03:50:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id; bh=u6YjipV/SysXPHpeQKQAn2wcts+WAtWMq5LyKfWB8sk=; b=fTL4gCrubdMia0XgL81Y/gYLq08rvkrzC2/GuK9Mqw7BNJ7lZqgiaOsONMzFyRg0Kp dF275pEWFAmk0iVRnQMBtQ9x9IA1nU/dsqumOncccG6CMFMHpfyJpJ/pCZBL+y5S3zGA 6eQn2qd2VVh5A0fvYYeI/YHRJJaoFBGoR6NkTeiim9gHd12B0qqgXq9Gm2USAgVfzd4F lGLKBfw7ABNnhaa9BJucTH0P33Qj5lUCkYLDD0y4g/EATVIZRbtm4lMLycL5JhEchC8u M+SbgZrJKG8SsriWOxlSADy3trQaFgEzc8jsHJkiC0MO3zC6hdXrCw8lCBsqIqsOJhQ7 DFPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=u6YjipV/SysXPHpeQKQAn2wcts+WAtWMq5LyKfWB8sk=; b=vjdyKIasBDfAE+azWlnNyqlW4wKWNvo7nijp0SF2628Y+Fv0wBbLMlRWjUVKJd/aEu kyhf1nlowJDUPA0C3nI+wyLrquZ7ozInUiv3y2n6Mn+XJxykCuWREdXUdW63u34Mt4Ni jv/l6qyatI+RA8hVz+/5ZBmYE+91DyMJ5ucDLy+vZjS16vhqDfxAu+a+0gSIQs3r7xta tUvyOpLvQm/noohXrOs9QXofQxIRUrIvHjzqb0KtMXGubaEWzWDqa6V69k5lTms2hzPK LvpCBDFQ1xHmb11CnnxTjCGxYB+8Mtd6Qu/3hCd5KPb7VxKAhAX6wE/Jbymf4xATLKCr bZ8A== X-Gm-Message-State: AOAM5301yZk0SCJEox6AZx80cxiqCyW2jVLHRl9Vc0YGQ4i6coZq9zth bhLTPE5JbOulMiD3n7NTE31X/4mbO4Q= X-Received: by 2002:a17:90a:77c2:: with SMTP id e2mr1369740pjs.96.1631616643170; Tue, 14 Sep 2021 03:50:43 -0700 (PDT) Received: from vpn2.localdomain ([161.117.202.209]) by smtp.gmail.com with ESMTPSA id p24sm9905732pfh.136.2021.09.14.03.50.42 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Sep 2021 03:50:42 -0700 (PDT) From: lance.lmwang@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Tue, 14 Sep 2021 18:50:36 +0800 Message-Id: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com> X-Mailer: git-send-email 1.8.3.1 Subject: [FFmpeg-devel] [PATCH 1/3] avcodec/hevc_sei: check size before using it X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Limin Wang MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: e7hz5e9jvSRY From: Limin Wang Signed-off-by: Limin Wang --- libavcodec/hevc_sei.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c index 2c326bf..29d0346 100644 --- a/libavcodec/hevc_sei.c +++ b/libavcodec/hevc_sei.c @@ -52,9 +52,13 @@ static int decode_nal_sei_decoded_picture_hash(HEVCSEIPictureHash *s, GetBitCont return 0; } -static int decode_nal_sei_mastering_display_info(HEVCSEIMasteringDisplay *s, GetBitContext *gb) +static int decode_nal_sei_mastering_display_info(HEVCSEIMasteringDisplay *s, GetBitContext *gb, int size) { int i; + + if (size < 24) + return AVERROR_INVALIDDATA; + // Mastering primaries for (i = 0; i < 3; i++) { s->display_primaries[i][0] = get_bits(gb, 16); @@ -67,23 +71,32 @@ static int decode_nal_sei_mastering_display_info(HEVCSEIMasteringDisplay *s, Get // Max and min luminance of mastering display s->max_luminance = get_bits_long(gb, 32); s->min_luminance = get_bits_long(gb, 32); + size -= 24; // As this SEI message comes before the first frame that references it, // initialize the flag to 2 and decrement on IRAP access unit so it // persists for the coded video sequence (e.g., between two IRAPs) s->present = 2; + + skip_bits_long(gb, 8 * size); return 0; } -static int decode_nal_sei_content_light_info(HEVCSEIContentLight *s, GetBitContext *gb) +static int decode_nal_sei_content_light_info(HEVCSEIContentLight *s, GetBitContext *gb, int size) { + if (size < 4) + return AVERROR_INVALIDDATA; + // Max and average light levels s->max_content_light_level = get_bits(gb, 16); s->max_pic_average_light_level = get_bits(gb, 16); + size -= 4; // As this SEI message comes before the first frame that references it, // initialize the flag to 2 and decrement on IRAP access unit so it // persists for the coded video sequence (e.g., between two IRAPs) s->present = 2; + + skip_bits_long(gb, 8 * size); return 0; } @@ -342,10 +355,16 @@ static int decode_nal_sei_active_parameter_sets(HEVCSEI *s, GetBitContext *gb, v return 0; } -static int decode_nal_sei_alternative_transfer(HEVCSEIAlternativeTransfer *s, GetBitContext *gb) +static int decode_nal_sei_alternative_transfer(HEVCSEIAlternativeTransfer *s, GetBitContext *gb, int size) { + if (size < 1) + return AVERROR_INVALIDDATA; + s->present = 1; s->preferred_transfer_characteristics = get_bits(gb, 8); + size--; + + skip_bits_long(gb, 8 * size); return 0; } @@ -451,9 +470,9 @@ static int decode_nal_sei_prefix(GetBitContext *gb, void *logctx, HEVCSEI *s, case SEI_TYPE_PIC_TIMING: return decode_nal_sei_pic_timing(s, gb, ps, logctx, size); case SEI_TYPE_MASTERING_DISPLAY_COLOUR_VOLUME: - return decode_nal_sei_mastering_display_info(&s->mastering_display, gb); + return decode_nal_sei_mastering_display_info(&s->mastering_display, gb, size); case SEI_TYPE_CONTENT_LIGHT_LEVEL_INFO: - return decode_nal_sei_content_light_info(&s->content_light, gb); + return decode_nal_sei_content_light_info(&s->content_light, gb, size); case SEI_TYPE_ACTIVE_PARAMETER_SETS: return decode_nal_sei_active_parameter_sets(s, gb, logctx); case SEI_TYPE_USER_DATA_REGISTERED_ITU_T_T35: @@ -461,7 +480,7 @@ static int decode_nal_sei_prefix(GetBitContext *gb, void *logctx, HEVCSEI *s, case SEI_TYPE_USER_DATA_UNREGISTERED: return decode_nal_sei_user_data_unregistered(&s->unregistered, gb, size); case SEI_TYPE_ALTERNATIVE_TRANSFER_CHARACTERISTICS: - return decode_nal_sei_alternative_transfer(&s->alternative_transfer, gb); + return decode_nal_sei_alternative_transfer(&s->alternative_transfer, gb, size); case SEI_TYPE_TIME_CODE: return decode_nal_sei_timecode(&s->timecode, gb); case SEI_TYPE_FILM_GRAIN_CHARACTERISTICS: From patchwork Tue Sep 14 10:50:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lance Wang X-Patchwork-Id: 30239 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp4866163iov; Tue, 14 Sep 2021 03:51:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPiv6n8ItW3R4MmvyocnQ0/yJ1mEhgBKC+geoaIp2cksWdF03MwnCt/WfhOtOVh11gzBcm X-Received: by 2002:a17:906:8608:: with SMTP id o8mr18170126ejx.470.1631616665909; Tue, 14 Sep 2021 03:51:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631616665; cv=none; d=google.com; s=arc-20160816; b=v2KUVjfgsRpPWt6ZxZglRXEQIHhahQtVPDr1XC9PryJhwIzc6Pv9slpktnXgzoozMY rMgOdZCpEEq0Wokbn3CIxo8N0gyhetNlan2h4saaSJqRW6FbqvyETUT26AsH4pMSkhzA eBqjcyFEtLRRb/u7etsglbIgGSNgRHEqqc9jkLBctRnkwkP7HlFjZwOGalnbzth/IBJC js5KJX/J0GQCh9yql5twLgZWDg0459iH23uZ5o8k9djmwaE4cwILV2PZ41j/k02FV8xP kGfmeiqpl52TG5XQU1lpTCs+uKl0jW65cgCvOduL8cVRSVhgCsAIC+WRmPAS1Ijm7JIT UkXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=HnTQNdTN6VctHNQdt34r/pCYioeueLeN7TjC3Fas/NE=; b=q+EgUsXhGthj7ElmdfmX+hOPnwPCT/InucViXbvbegcbflxxkF5nDZJw+7/IZ1vi0h qb1EqmJd9KLsx8FoPNEoIeyU/2ifpX/B4rpmyczZFZhRRpgU2CoQrEDHiux5NUoJgObR WzFzUK5+xzMDUCGS6hvQvD9WOQs5leUetaA8iGN7gZXUHdB/mEtJw6Z5+jyIYFM87Q/f qQUJIBL0tOl10zyI0Xw4UjVVWrG3Ht5U6bNK2JoCpZks9UBB6BurknJpwW7MErgjBtUI c6CVLKb0+QpUc7VwP0/TICXo0SPs0U5lEKslGVEP9ZcGgcEDqNHCw4oDQhsMYBWHLflK QoSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b="ST/fv/an"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id ak17si12250920ejc.44.2021.09.14.03.51.05; Tue, 14 Sep 2021 03:51:05 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b="ST/fv/an"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2B1CD68AF2D; Tue, 14 Sep 2021 13:50:53 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4A94E68AF1A for ; Tue, 14 Sep 2021 13:50:46 +0300 (EEST) Received: by mail-pf1-f175.google.com with SMTP id y17so11784568pfl.13 for ; Tue, 14 Sep 2021 03:50:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=k9RGqg+ZkOcf+IdD1/hMZpMZeWvUzGA91xFEElZEWIU=; b=ST/fv/angrquA3yxvz1zdmLwtD7R6rRKYvnvhyeJw4k9xC2+JRXWs8j+kGNkKefidn MOgNyqvAKD8TiMujCw/DVKXvF/diFz63Y03isREFR1dHGEPtu+iBsk9iwR2y/R7kiC8h /VQftAW0zPWHTHHP/vxMuxhyJEnPJiCA/ta8xdnXurhA5rEo8FilnzVwKhKe67QcXM/y hy3BmprZJZfHVSUjeLC6gyOj/pZmmn6jqtFQOinrjsJgrnuMl+s+mZpy2IP22GmNk/9c Go5yg1BXRp+pF53xnbOnjPEh/d/Xa7Elu8dSRPjPu10SvhFNc/g8iRYoAvm/u+M8wehg N3eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=k9RGqg+ZkOcf+IdD1/hMZpMZeWvUzGA91xFEElZEWIU=; b=EYTPC8AQo8h3PGZBZV7ouMtyJbBsU01dlfiW6a+NXqij8URf1/OTKhuXXp7fP6WofO ljbwdYgKBZWtT0nojGIsI+lSlQR51/mVukGaPLzj7JxtGHzJ5sLOnZJsvf8DKRWSbd4E 2L6OYXOqOr3xoVe4ELqv3uMrn2fZI0/OWAiu72+n67kGORARiB+bqy8CeIwLv+M78kHM UmM9p14ajtvZnqMdBVzGXas6hhPwvb7racWo/bezpbC4QE5WuCz5K65J0q7ytNguKFbO t0eQPfl0jtktVi3UQwD3Q5YFDxrzEdFPMvqly4cRx2GSoWIyE7t2CcD3RrH3WU9p6qzO h5Cg== X-Gm-Message-State: AOAM531V7GGcGki1BGHooicYMaKDqPrEmGV6PeMc23PRcU5wxwxPv3Ag R7b9MtQx+e8gKpFV9szPWwNzPKQ2dPo= X-Received: by 2002:aa7:8426:0:b0:438:3550:f190 with SMTP id q6-20020aa78426000000b004383550f190mr4106225pfn.19.1631616644414; Tue, 14 Sep 2021 03:50:44 -0700 (PDT) Received: from vpn2.localdomain ([161.117.202.209]) by smtp.gmail.com with ESMTPSA id p24sm9905732pfh.136.2021.09.14.03.50.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Sep 2021 03:50:44 -0700 (PDT) From: lance.lmwang@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Tue, 14 Sep 2021 18:50:37 +0800 Message-Id: <1631616638-20151-2-git-send-email-lance.lmwang@gmail.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com> References: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com> Subject: [FFmpeg-devel] [PATCH 2/3] avcodec/dynamic_hdr10_plus: use AVERROR_INVALIDDATA instead of AVERROR(EINVAL) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Limin Wang MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 4ZZv6llKF+rT From: Limin Wang Signed-off-by: Limin Wang --- libavcodec/dynamic_hdr10_plus.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/libavcodec/dynamic_hdr10_plus.c b/libavcodec/dynamic_hdr10_plus.c index a602e60..854e70d 100644 --- a/libavcodec/dynamic_hdr10_plus.c +++ b/libavcodec/dynamic_hdr10_plus.c @@ -76,7 +76,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t } if (get_bits_left(gb) < 28) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; s->targeted_system_display_maximum_luminance = (AVRational){get_bits_long(gb, 27), luminance_den}; @@ -85,7 +85,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t if (s->targeted_system_display_actual_peak_luminance_flag) { int rows, cols; if (get_bits_left(gb) < 10) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; rows = get_bits(gb, 5); cols = get_bits(gb, 5); if (((rows < 2) || (rows > 25)) || ((cols < 2) || (cols > 25))) { @@ -95,7 +95,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t s->num_cols_targeted_system_display_actual_peak_luminance = cols; if (get_bits_left(gb) < (rows * cols * 4)) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; for (int i = 0; i < rows; i++) { for (int j = 0; j < cols; j++) { @@ -107,7 +107,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t for (int w = 0; w < s->num_windows; w++) { AVHDRPlusColorTransformParams *params = &s->params[w]; if (get_bits_left(gb) < (3 * 17 + 17 + 4)) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; for (int i = 0; i < 3; i++) { params->maxscl[i] = @@ -119,7 +119,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t if (get_bits_left(gb) < (params->num_distribution_maxrgb_percentiles * 24)) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; for (int i = 0; i < params->num_distribution_maxrgb_percentiles; i++) { params->distribution_maxrgb[i].percentage = get_bits(gb, 7); @@ -128,17 +128,17 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t } if (get_bits_left(gb) < 10) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; params->fraction_bright_pixels = (AVRational){get_bits(gb, 10), fraction_pixel_den}; } if (get_bits_left(gb) < 1) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; s->mastering_display_actual_peak_luminance_flag = get_bits1(gb); if (s->mastering_display_actual_peak_luminance_flag) { int rows, cols; if (get_bits_left(gb) < 10) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; rows = get_bits(gb, 5); cols = get_bits(gb, 5); if (((rows < 2) || (rows > 25)) || ((cols < 2) || (cols > 25))) { @@ -148,7 +148,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t s->num_cols_mastering_display_actual_peak_luminance = cols; if (get_bits_left(gb) < (rows * cols * 4)) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; for (int i = 0; i < rows; i++) { for (int j = 0; j < cols; j++) { @@ -161,12 +161,12 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t for (int w = 0; w < s->num_windows; w++) { AVHDRPlusColorTransformParams *params = &s->params[w]; if (get_bits_left(gb) < 1) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; params->tone_mapping_flag = get_bits1(gb); if (params->tone_mapping_flag) { if (get_bits_left(gb) < 28) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; params->knee_point_x = (AVRational){get_bits(gb, 12), knee_point_den}; @@ -175,7 +175,7 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t params->num_bezier_curve_anchors = get_bits(gb, 4); if (get_bits_left(gb) < (params->num_bezier_curve_anchors * 10)) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; for (int i = 0; i < params->num_bezier_curve_anchors; i++) { params->bezier_curve_anchors[i] = @@ -184,11 +184,11 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t } if (get_bits_left(gb) < 1) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; params->color_saturation_mapping_flag = get_bits1(gb); if (params->color_saturation_mapping_flag) { if (get_bits_left(gb) < 6) - return AVERROR(EINVAL); + return AVERROR_INVALIDDATA; params->color_saturation_weight = (AVRational){get_bits(gb, 6), saturation_weight_den}; } From patchwork Tue Sep 14 10:50:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lance Wang X-Patchwork-Id: 30241 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp4866232iov; Tue, 14 Sep 2021 03:51:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz4jEpKbjeiTZGeVGJtjr676pAODv8AcSehn/++SADKJx6/ejp5oFfYMmLQihp31mj+YoE4 X-Received: by 2002:a17:906:9b1:: with SMTP id q17mr18050769eje.546.1631616674891; Tue, 14 Sep 2021 03:51:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631616674; cv=none; d=google.com; s=arc-20160816; b=QHvN1I4Ug6pIgS8+um20iAqXwiuc0OI8GMkt1+ksC2DBvMM9QJB/dZBzAsx8m91OB3 85OJCy/VNDwbAnA2NhLkNDtDXGaAUZ9xrRZTxsqgKMCREWMeliFYL8fw6u6QAKXLbRFM nJMZzxIckhandXfKa5kInIjaguAKpQ/Qqba+lHNSzJ0JNmFk6iQ4NeaG25SMNPiyw2T9 rYmzZRGSpXhMkklefC5MMQVqXT1ulL8tDbB4XQ2t8ttyftuyUkzra32T0gzFYStOFSNw gBAuar5AdbSUmwBL3058ZxtFUXTP8FBd/jRgdOjjKmL7tDd0o+2zMQx+hHdq8x3TX5JB hOkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:references:in-reply-to:message-id:date :to:from:dkim-signature:delivered-to; bh=GH3rZioSbg/q1bbuJNQ7mJy9WVCVDTqB1rdPZ1LhjAs=; b=lbVgzB3OcYzSYw6ouac0d5+t2lQoET1oGX6XTkz+Yt+rYH5U+YX/fH6/C3M97+L4Vo MXJnD7jQe1BPlENsICW2b/Plo+/zUFnxb9Z+7k9KByKkvEVPOauZ53kQaByOtyRZ5WI1 8NEozKaqQMdfLmsmC1QyI41/PTKXiBrK/C3Y6+0VgX17o9AHEfuReA3F/IseQT3/67W4 kJBvnRwLIhJH9KyKw8WMvdt1bULrrzg3zXfJrZ3uq9v4ZaVoH9vdz3CB3ElL9LI4Lh3R 3dKWXBinpUBS/Mkk1M6E+yuZ+aDU+rX65urfKZlUa6159mEOEQZT09UaJUugd52C/3ST iXng== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=U+t6Xawj; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id k13si10970065ejp.411.2021.09.14.03.51.14; Tue, 14 Sep 2021 03:51:14 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=U+t6Xawj; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 5322A68AF35; Tue, 14 Sep 2021 13:50:54 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5452268AF0C for ; Tue, 14 Sep 2021 13:50:47 +0300 (EEST) Received: by mail-pf1-f173.google.com with SMTP id y17so11784597pfl.13 for ; Tue, 14 Sep 2021 03:50:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=FQ3wcnyvbEuekeD+mi3fgORPn7WkcttAu3ctdxmM8N0=; b=U+t6XawjXpI9hJXwSqHk9mPsnTDEzkmkMT916h/rCobhqpHdKdEmX7TzbIGeBaJ3B/ 0wM7zBc8KXPVVhug7kjsZLJn+JpSboL6Q5TgEHZFrieYmYarzzYplkzT+Bi72D0sVz3E OdYv8jf+am0//vTra5o0MfkVhcqlBELi+0viWFN6ZPxQYs/la6/Q/g+FcePDyk+eL6Cr TjmDq6bWqyAe2nlbfD2V9lF/c3GE/mD7kyV4FWtR6dXnoRGNnJtK/UrzUoCwpengBAVO MvGNPnUi19XxQ//LJ0o2Qx4484fyZT+m0Bf8aeegPF7ZBpk3eoCeK9aIPpaXNCZKZ1Yq +nyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=FQ3wcnyvbEuekeD+mi3fgORPn7WkcttAu3ctdxmM8N0=; b=oAeE74hML9vY48+dHuNka8SiPMTabGogOjVgAfbGRqujxyZHKRX6RfuJmMeuJaSHrM DL00II4nAqXF5fkiycfFMOF7ZpThvE3ZYDUag0yh4x24DOfcnGBO841FQrb9Bih0nPPz ibf37M+DkxgOJFEw9cY/AjK4Yz3JFc11oI1+7grF+09OdJ2ZkQvAkjrpVN1QmLXOFxtl owp7aNfCMuExHqN/3fGPbfvjXxPNRNvvXdW9D2yBfpL/nfmVwyYFZ8fchSgJIHi+8oOU jca4auUREh6n3bV+hmmkGbNcLdeN77fVbG9mKdyPd/yP636oYOLcNoWg6bULOaLz34Nz AE8g== X-Gm-Message-State: AOAM532B6EMRyaYIdZ3deBCFdePqrNfP6n7i4MLI0OY7lJf111x2ODtq 9XcINxH0gh02OKsbtn2Gb5Ek2kXwCTg= X-Received: by 2002:a62:798f:0:b0:438:faa3:5508 with SMTP id u137-20020a62798f000000b00438faa35508mr4101293pfc.75.1631616645606; Tue, 14 Sep 2021 03:50:45 -0700 (PDT) Received: from vpn2.localdomain ([161.117.202.209]) by smtp.gmail.com with ESMTPSA id p24sm9905732pfh.136.2021.09.14.03.50.44 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Sep 2021 03:50:45 -0700 (PDT) From: lance.lmwang@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Tue, 14 Sep 2021 18:50:38 +0800 Message-Id: <1631616638-20151-3-git-send-email-lance.lmwang@gmail.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com> References: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com> Subject: [FFmpeg-devel] [PATCH 3/3] avcodec/dynamic_hdr10_plus: check size before using it X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Limin Wang MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: ENSNve+AS8zM From: Limin Wang Signed-off-by: Limin Wang --- libavcodec/dynamic_hdr10_plus.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/dynamic_hdr10_plus.c b/libavcodec/dynamic_hdr10_plus.c index 854e70d..34a44aa 100644 --- a/libavcodec/dynamic_hdr10_plus.c +++ b/libavcodec/dynamic_hdr10_plus.c @@ -40,10 +40,10 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t if (ret < 0) return ret; - s->application_version = get_bits(gb, 8); - - if (get_bits_left(gb) < 2) + if (get_bits_left(gb) < 10) return AVERROR_INVALIDDATA; + + s->application_version = get_bits(gb, 8); s->num_windows = get_bits(gb, 2); if (s->num_windows < 1 || s->num_windows > 3) {