From patchwork Wed Sep 21 09:41:24 2022
X-Patchwork-Submitter: "Chen, Wenbin"
X-Patchwork-Id: 38130
From: Wenbin Chen
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 21 Sep 2022 17:41:24 +0800
Message-Id: <20220921094124.1749099-1-wenbin.chen@intel.com>
Subject: [FFmpeg-devel] [PATCH v4] libavcodec/cbs_av1: Add size check before parse obu

cbs_av1_write_obu() checks the pbc size after parsing the obu frame, and returns AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu frame will be parsed again, but this may cause an error because CodedBitstreamAV1Context has already been updated, for example ref_order_hint is updated and will not match the same obu frame. Now a size check is added before parsing the obu frame to avoid this error.

Signed-off-by: Wenbin Chen
--- libavcodec/cbs_av1.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 154d9156cf..9c51a8c7c8 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, put_bits32(pbc, 0); } + if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc)) + return AVERROR(ENOSPC); + td = NULL; start_pos = put_bits_count(pbc);
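Review bot: The new check ahead of `td = NULL;` relies on `obu->obu_size` already holding the final payload size of an OBU that has not been written yet, and nothing in the hunk shows that to be guaranteed. If the caller built or modified the OBU without filling that field in, the guard passes, the write proceeds, and the ENOSPC path that the commit message says still runs after parsing is reached with CodedBitstreamAV1Context (for example ref_order_hint) already updated, which is the exact failure this patch is meant to prevent. Either document that `obu_size` must be valid on entry, or make the retry safe regardless of the estimate by saving the AV1 context before the write and restoring it when ENOSPC is returned. Two smaller points on the same condition: `8 * (unit->data_size + obu->obu_size)` can wrap for very large sizes, so comparing the byte sum against `put_bits_left(pbc) / 8` is the safer form, and a one-line comment saying that the check must come before any context state is touched would keep a later refactor from moving it.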