From patchwork Thu Apr 20 13:14:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 41279 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:4645:b0:e3:3194:9d20 with SMTP id eb5csp488283pzb; Thu, 20 Apr 2023 06:14:30 -0700 (PDT) X-Google-Smtp-Source: AKy350bMLLeIROc9Ra6o6DnG+t8dOdZJHt2u96GpiTfG6XNrusaI/pXKK4bIBK8FJBaOXdKAyl74 X-Received: by 2002:a05:6402:2033:b0:508:3f06:8fd1 with SMTP id ay19-20020a056402203300b005083f068fd1mr1723915edb.29.1681996470300; Thu, 20 Apr 2023 06:14:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681996470; cv=none; d=google.com; s=arc-20160816; b=NDhpKjyNcd7lsAZ1l/SQkc70kjPrL9rPpobH0nF6UJ8BoQ2feCATIAaruRQDAHm3Y+ zB7Vc3Q4J5cjFuKJOa4FYgUV9ZYyTp/5ab6eDntz5AuhQBJWkbGcmDdYlVFNA4rK8+un ghhHGmRFETpAuK3RDM4AcDCouLdEjJb6cbsXsTZxf0PgZk/eUAaAvEXKBlc7W1aJLxMm Gsl+9JxqlcwwrqWZsrIgkEuCVuvMra9LayojxFdkMKm2hKEsgPS4f3vE3wEhUQGvyoaK vWfOAJhpCIWjWyY2ZIW7ozJw8mPJsTRjOHhqVYfx/tTobNUZt3S+XQKa+LOjbgqnc/aq mMUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=ZEC/3JRBySU47Hqa7uO+K1NxU8EPrl+Sz4BalstpNhQ=; b=BrdI7JkX+HclA7wFqMOS7Lt3EMVeJSVHdV6F3DPRn2VONvEezbot6bUkN4E/bQ8Rl1 vU0sHp6k2bvEx2fAll388HSyGy6mBGMv420VbRqRkcfGyJsK2yXKpHlVBvMTyKMVBDPd ZiHMpJ0kYmVmvaA39fYMZnA1L1BUx+aNwCAQEWWkle7aKSnNDd4Pjz+ny6MY8UNKjqL4 JJ81pR6GgtbHffpEpdJgqmyNATqm5i7Khl37UeC1z5Sbm59Cy1z1tvAiR8UOkQVAT5fN x3weULF4WAbSx0moMe8ogLBQ68q8fW5GBzCEwH6DhcuUtnkR/OzbQY2r14pV7HwJlRcf 3Kug== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20221208 header.b=fIoGMbAn; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id h17-20020aa7c951000000b005069cce7194si1691126edt.71.2023.04.20.06.14.25; Thu, 20 Apr 2023 06:14:30 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20221208 header.b=fIoGMbAn; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E846A68BE31; Thu, 20 Apr 2023 16:14:21 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-oo1-f53.google.com (mail-oo1-f53.google.com [209.85.161.53]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CEF9B68BE2B for ; Thu, 20 Apr 2023 16:14:15 +0300 (EEST) Received: by mail-oo1-f53.google.com with SMTP id 006d021491bc7-541b61d166aso536734eaf.2 for ; Thu, 20 Apr 2023 06:14:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681996454; x=1684588454; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=Z1RRX8g0iVXi9zg7ONypQiO/S0LsGGlM4RJJgNa8+vM=; b=fIoGMbAn4pZDOY4WfrMc8L72QsDBFza9qDrKmPe31D9D/NV7MIZ1yaxGIQWI9pcV/Y UrnNsaoZvewCbE9wY6fsKFSIMkMhAnmeLNa2na2vZoy7DLORE983vO3U4GCvpTgcYqTy 37J+Nb5MLaWOrpRtfdMjCME25jGCXE3esuAmQs2lKlzwQBEZB5HtUaWLzDCqPz/6fqDl TbMlaRBZpOWbQHr7piPHHw7TdCO3Sj0apaK4mhz51dUKPsRuhFhVkQrnKiDrbvkJfy2I IPsQ7LYWpePU36Cq/PeEFwPvpL3DQV0KVcbzdih/211VSUDk+pZ3n5sQvskcoc8+MiiN mpLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681996454; x=1684588454; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z1RRX8g0iVXi9zg7ONypQiO/S0LsGGlM4RJJgNa8+vM=; b=CvDtK+5V0yRI585uT5ZBgZxenKRcKT7f8y1/CRfWbli2wtPsHxdrYc3BSq/LtNR7Lb SKsF1uPRSUNHF3D4ufEvBLF6mcj1wdpuSYCYfXNpzlUFmxg/23orBCEdnYEJgUk4xKPG khHbxLDuugjqPejp3gKjFrF72+Wh1XpfNLyG18WfeRneiyf1mMhooKw5rEJvBOPVYN+T hhtlFkjyExdj1rEQJtHm8V39SU6iEUkPPVvj4HfNVTt2PaPLRj6KNv4fU33p7QHttQ9u Qii0D1t7CfoJQ5E1Y6oMWLBTPclskJebGNkldLIY3ed4vS7g51kkpzFvgdS5vD3P5Jaf I8PA== X-Gm-Message-State: AAQBX9ftpIukoXFFDwXSA9g8Zlwu0tVMulxO7Yl+6bm7ZwdwL8DD8DDX IrvOUhVbYQFCbug8JX4+fjSl3EbNopU= X-Received: by 2002:a05:6808:1b25:b0:38b:c0aa:5ae0 with SMTP id bx37-20020a0568081b2500b0038bc0aa5ae0mr966415oib.55.1681996452175; Thu, 20 Apr 2023 06:14:12 -0700 (PDT) Received: from localhost.localdomain (host197.190-225-105.telecom.net.ar. [190.225.105.197]) by smtp.gmail.com with ESMTPSA id 26-20020a056870131a00b00177ba198612sm687086oab.53.2023.04.20.06.14.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Apr 2023 06:14:11 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Thu, 20 Apr 2023 10:14:04 -0300 Message-Id: <20230420131404.8789-1-jamrial@gmail.com> X-Mailer: git-send-email 2.40.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avcodec/hevcdec: further constrain some slice header field values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: /MYojQIWGl3M num_ref_idx_l0_active_minus1, num_ref_idx_l1_active_minus1, num_ref_idx_l0_default_active, and num_ref_idx_l1_default_active are all in the range 1 to 15, inclusive. Signed-off-by: James Almer --- libavcodec/hevc_ps.c | 10 ++++++++-- libavcodec/hevcdec.c | 6 +++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 7401ea23f5..f29f783f77 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1762,8 +1762,14 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, pps->cabac_init_present_flag = get_bits1(gb); - pps->num_ref_idx_l0_default_active = get_ue_golomb_long(gb) + 1; - pps->num_ref_idx_l1_default_active = get_ue_golomb_long(gb) + 1; + pps->num_ref_idx_l0_default_active = get_ue_golomb_31(gb) + 1; + pps->num_ref_idx_l1_default_active = get_ue_golomb_31(gb) + 1; + if (pps->num_ref_idx_l0_default_active >= HEVC_MAX_REFS || + pps->num_ref_idx_l1_default_active >= HEVC_MAX_REFS) { + av_log(avctx, AV_LOG_ERROR, "Too many default refs in PPS: %d/%d.\n", + pps->num_ref_idx_l0_default_active, pps->num_ref_idx_l1_default_active); + goto err; + } pps->pic_init_qp_minus26 = get_se_golomb(gb); diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index 1a0beac901..0fa4fdd59d 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -773,11 +773,11 @@ static int hls_slice_header(HEVCContext *s) sh->nb_refs[L1] = s->ps.pps->num_ref_idx_l1_default_active; if (get_bits1(gb)) { // num_ref_idx_active_override_flag - sh->nb_refs[L0] = get_ue_golomb_long(gb) + 1; + sh->nb_refs[L0] = get_ue_golomb_31(gb) + 1; if (sh->slice_type == HEVC_SLICE_B) - sh->nb_refs[L1] = get_ue_golomb_long(gb) + 1; + sh->nb_refs[L1] = get_ue_golomb_31(gb) + 1; } - if (sh->nb_refs[L0] > HEVC_MAX_REFS || sh->nb_refs[L1] > HEVC_MAX_REFS) { + if (sh->nb_refs[L0] >= HEVC_MAX_REFS || sh->nb_refs[L1] >= HEVC_MAX_REFS) { av_log(s->avctx, AV_LOG_ERROR, "Too many refs: %d/%d.\n", sh->nb_refs[L0], sh->nb_refs[L1]); return AVERROR_INVALIDDATA;