From: Wenbin Chen
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 29 Mar 2022 16:29:21 +0800
Message-Id: <20220329082921.756174-1-wenbin.chen@intel.com>
Subject: [FFmpeg-devel] [PATCH v2] libavcodec/cbs_av1: Add size check before parse obu

cbs_av1_write_unit() checks pbc size after parsing obu frame, and returns AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu frame will be parsed again, but this may cause an error because CodedBitstreamAV1Context has already been updated, for example ref_order_hint is updated and will not match the same obu frame. Now a size check is added before parsing the obu frame to avoid this error.

Signed-off-by: Wenbin Chen

--- libavcodec/cbs_av1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1229480567..29e7bc16df 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, put_bits32(pbc, 0); } + if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc)) + return AVERROR(ENOSPC); + td = NULL; start_pos = put_bits_count(pbc); 
@@ -1196,9 +1199,6 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, flush_put_bits(pbc); av_assert0(data_pos <= start_pos); - if (8 * obu->obu_size > put_bits_left(pbc)) - return AVERROR(ENOSPC); - if (obu->obu_size > 0) { memmove(pbc->buf + data_pos, pbc->buf + start_pos, header_size); -- 2.32.0
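
Review bot: In the first hunk (@@ -1075,6 +1075,9 @@), the added check reads `unit->data_size` and `obu->obu_size` before the OBU body has been written, so it compares values that predate this write rather than the size this call will actually produce. If the written OBU turns out larger than that estimate, the function gets past the check and updates the context anyway, which is the situation the commit message sets out to avoid. Consider bounding the write with a value that is known to be an upper limit at this point, or saving and restoring the AV1 context state around the write so a retry after AVERROR(ENOSPC) starts from the same state. A short comment above the check stating why it has to come before the write would also help, since that reasoning currently lives only in the commit message.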
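
Review bot: In the second hunk (@@ -1196,9 +1199,6 @@), dropping the post-write test `8 * obu->obu_size > put_bits_left(pbc)` means the block under `if (obu->obu_size > 0)` no longer has any check that the final obu_size fits in what is left of pbc; it relies entirely on the estimate made before the write. Keeping a check here on the final size, reported as an assertion or a non-retry error instead of AVERROR(ENOSPC), would preserve the bounds guarantee for the buffer operations that follow without reintroducing the reparse path the patch is trying to remove.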