From patchwork Wed Aug 17 02:51:10 2022
X-Patchwork-Submitter: "Chen, Wenbin"
X-Patchwork-Id: 37319
From: Wenbin Chen
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 17 Aug 2022 10:51:10 +0800
Message-Id: <20220817025110.24169-1-wenbin.chen@intel.com>
Subject: [FFmpeg-devel] [PATCH v3] libavcodec/cbs_av1: Add size check before parse obu

cbs_av1_write_unit() checks the pbc size after parsing the obu frame, and returns AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu frame will be parsed again, but this may cause an error because CodedBitstreamAV1Context has already been updated, for example ref_order_hint is updated and will not match the same obu frame. Now a size check is added before parsing the obu frame to avoid this error.

Signed-off-by: Wenbin Chen

--- libavcodec/cbs_av1.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 154d9156cf..9c51a8c7c8 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, put_bits32(pbc, 0); } + if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc)) + return AVERROR(ENOSPC); + td = NULL; start_pos = put_bits_count(pbc);
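
Review bot: the added check `8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc)` does its arithmetic in bits, so the sum is multiplied by 8 before the comparison and can wrap for large sizes; the operand types are not visible in this hunk, but if the two sizes are unsigned and put_bits_left() returns a signed value, the comparison is also mixed-sign. Comparing in bytes avoids both, for example `unit->data_size + obu->obu_size > put_bits_left(pbc) / 8`, with the right-hand side confirmed non-negative first. Two further points on placement: the check sits after the `put_bits32(pbc, 0)` in the preceding context, so that write is not covered by it, and it reads `obu->obu_size` before `start_pos = put_bits_count(pbc)`, that is before the payload is written, so please confirm the field already holds the payload size at this point for units that were built by the caller rather than parsed. A short comment above the `if` stating that the early return exists so that CodedBitstreamAV1Context is not updated twice for the same obu (the reason given in the commit message) would help later readers.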