From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id D14EA402E1 for ; Wed, 23 Mar 2022 07:25:46 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8EB8F68B058; Wed, 23 Mar 2022 09:25:43 +0200 (EET) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 67E5B6800E0 for ; Wed, 23 Mar 2022 09:25:36 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648020341; x=1679556341; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=1StQXFMJjxYHg6G4XXO4SMEkeEbqhYQmkHidEScRlfc=; b=VbjjmiwnN4F5YHA32ueQSMXY6ZHRMAEM6eKZPL4KJFEtd/KMS9vc4fed t4VPxsoqJs8Tx26jqnqx5i9I7uwWapu4Eyd5wLnMeSIhhfBA3+xn5qyf/ bNvosIDDqhGtNnTethYQNvmPHDZUUn10z+WCHzjbvR7Lb7ZWGtHBuH5Bs Le1v0c2sdUE5tHGkS+Wkbp3wumBbU8xab3V6CDklpdlfJttf7WHYYYC2+ zcETgm6kcfb7hTCJ5URFhTRqZAG/j5rdo64lGcHhCkSeBhj6O8V0bthIA RAWEhmnL1psBPK6uTZUgKvi5sdROIWE30AYTC7Z8cwpp+kIQ12xPMB7V8 A==; X-IronPort-AV: E=McAfee;i="6200,9189,10294"; a="238647230" X-IronPort-AV: E=Sophos;i="5.90,203,1643702400"; d="scan'208";a="238647230" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2022 00:25:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,203,1643702400"; d="scan'208";a="500905544" Received: from wenbin-z390-aorus-ultra.sh.intel.com ([10.239.35.4]) by orsmga003.jf.intel.com with ESMTP; 23 Mar 2022 00:25:33 -0700 From: Wenbin Chen To: ffmpeg-devel@ffmpeg.org Date: Wed, 23 Mar 2022 15:25:07 +0800 Message-Id: <20220323072507.584505-1-wenbin.chen@intel.com> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] libavcodec/cbs_av1: Add size check before parse obu X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: cbs_av1_write_unit() check pbc size after parsing obu frame, and return AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu frame will be parsed again, but this may cause error because CodedBitstreamAV1Context has already been updated, for example ref_order_hint is updated and will not match the same obu frame. Now size check is added before parsing obu frame to avoid this error. Signed-off-by: Wenbin Chen --- libavcodec/cbs_av1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1229480567..571d3c15c3 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, put_bits32(pbc, 0); } + if (8 * unit->data_size > put_bits_left(pbc)) + return AVERROR(ENOSPC); + td = NULL; start_pos = put_bits_count(pbc); @@ -1196,9 +1199,6 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, flush_put_bits(pbc); av_assert0(data_pos <= start_pos); - if (8 * obu->obu_size > put_bits_left(pbc)) - return AVERROR(ENOSPC); - if (obu->obu_size > 0) { memmove(pbc->buf + data_pos, pbc->buf + start_pos, header_size); -- 2.32.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".