From patchwork Wed Mar 23 07:25:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Chen, Wenbin" X-Patchwork-Id: 34919 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:ab0:5fda:0:0:0:0:0 with SMTP id g26csp826363uaj; Wed, 23 Mar 2022 00:25:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy7sChy2V/a2GrTU0pt5V6DdMdmJU+EXotdlZs2lbgkSQZ2ZDsd42uRyRMXu0LKNoEsC1Cy X-Received: by 2002:a05:6402:3488:b0:419:172c:e287 with SMTP id v8-20020a056402348800b00419172ce287mr24716831edc.87.1648020348418; Wed, 23 Mar 2022 00:25:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648020348; cv=none; d=google.com; s=arc-20160816; b=jq5Q4d8bAHWkc4YMK+tmQ+S6/r9GYQpTR2xiaRT+KbB55LFby3Iwxnn3Ap5PMvFwbx NBBipqY59U15bD1SS3dutTg/nFYNj760pun0CKJ4gNgKN0z7rALOFyEAhZriCQjRXvjy irDr2s3hEjs97GahfZtjgWPj98y4kj0RYS/Fi8tj5xzQWUHr+ks4j3POWDuiPLacfOw5 JtpDh2pXFJ1x0KCj9NQAL2S9BJgLoOXyY8pY2IXEEfnwfCoNVLZ3YMyi19w1pQUHoRZc DlfOTUDs1xYkvJWaZxjWRbUYeKZaw7hSlfOsysUqz+stY9Zl/SIoZZt1i002tV9Lk4fN s7aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=4rpSLsePn17Un5H/oOKheleNK/aDKeM8A66aM2oYjIQ=; b=u49dVw0y0cbhuz2Xb9NuylbZ8LrUB85iQjvflT9VxDI+3xuo9VGP2bgqtcklR6/I3j +zIJ4ZT0FO7Jnvqxw+7h0xidIiVVYfhX+sRBqBTltWnS5pXAIkf9zmw7CbHUUOFXcjL9 bF59NRGsNJSq944/CFpTsy4oxLu9yhRDWkSe7dXm5NwV9HtxA4qdyuMczKNnd0eKzP7b beE52gSAt4ERdCFGaOuoIBHJToovd1V3LluR0fRktXlACZxZkJimT6hy+bwTW7Zej3Mg Zua7pOdxPzraePMRHInOZ0tsXUM54hufxtTdehPnVBdf2i8MGc0rTklQiKtXKrFvYSsc 1+/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel.com header.s=Intel header.b=Vbjjmiwn; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id o17-20020a50c291000000b00418c2b5be83si14341083edf.357.2022.03.23.00.25.47; Wed, 23 Mar 2022 00:25:48 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel.com header.s=Intel header.b=Vbjjmiwn; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BC0A668B080; Wed, 23 Mar 2022 09:25:43 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 67E5B6800E0 for ; Wed, 23 Mar 2022 09:25:36 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648020341; x=1679556341; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=1StQXFMJjxYHg6G4XXO4SMEkeEbqhYQmkHidEScRlfc=; b=VbjjmiwnN4F5YHA32ueQSMXY6ZHRMAEM6eKZPL4KJFEtd/KMS9vc4fed t4VPxsoqJs8Tx26jqnqx5i9I7uwWapu4Eyd5wLnMeSIhhfBA3+xn5qyf/ bNvosIDDqhGtNnTethYQNvmPHDZUUn10z+WCHzjbvR7Lb7ZWGtHBuH5Bs Le1v0c2sdUE5tHGkS+Wkbp3wumBbU8xab3V6CDklpdlfJttf7WHYYYC2+ zcETgm6kcfb7hTCJ5URFhTRqZAG/j5rdo64lGcHhCkSeBhj6O8V0bthIA RAWEhmnL1psBPK6uTZUgKvi5sdROIWE30AYTC7Z8cwpp+kIQ12xPMB7V8 A==; X-IronPort-AV: E=McAfee;i="6200,9189,10294"; a="238647230" X-IronPort-AV: E=Sophos;i="5.90,203,1643702400"; d="scan'208";a="238647230" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2022 00:25:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,203,1643702400"; d="scan'208";a="500905544" Received: from wenbin-z390-aorus-ultra.sh.intel.com ([10.239.35.4]) by orsmga003.jf.intel.com with ESMTP; 23 Mar 2022 00:25:33 -0700 From: Wenbin Chen To: ffmpeg-devel@ffmpeg.org Date: Wed, 23 Mar 2022 15:25:07 +0800 Message-Id: <20220323072507.584505-1-wenbin.chen@intel.com> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] libavcodec/cbs_av1: Add size check before parse obu X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: /2P2uzbEHw3B cbs_av1_write_unit() check pbc size after parsing obu frame, and return AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu frame will be parsed again, but this may cause error because CodedBitstreamAV1Context has already been updated, for example ref_order_hint is updated and will not match the same obu frame. Now size check is added before parsing obu frame to avoid this error. Signed-off-by: Wenbin Chen --- libavcodec/cbs_av1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1229480567..571d3c15c3 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, put_bits32(pbc, 0); } + if (8 * unit->data_size > put_bits_left(pbc)) + return AVERROR(ENOSPC); + td = NULL; start_pos = put_bits_count(pbc); @@ -1196,9 +1199,6 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, flush_put_bits(pbc); av_assert0(data_pos <= start_pos); - if (8 * obu->obu_size > put_bits_left(pbc)) - return AVERROR(ENOSPC); - if (obu->obu_size > 0) { memmove(pbc->buf + data_pos, pbc->buf + start_pos, header_size);