Message-ID: <39b1abfb-8f9b-9ae1-01b8-16acf821c23c@jkqxz.net>
Date: Sat, 30 Apr 2022 18:45:13 +0100
To: ffmpeg-devel@ffmpeg.org
References: <20220329082921.756174-1-wenbin.chen@intel.com>
From: Mark Thompson
In-Reply-To: <20220329082921.756174-1-wenbin.chen@intel.com>
Subject: Re: [FFmpeg-devel] [PATCH v2] libavcodec/cbs_av1: Add size check before parse obu

On 29/03/2022 09:29, Wenbin Chen wrote:
> cbs_av1_write_unit() checks pbc size after parsing obu frame, and returns
> AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
> frame will be parsed again, but this may cause an error because
> CodedBitstreamAV1Context has already been updated, for example
> ref_order_hint is updated and will not match the same obu frame. Now size
> check is added before parsing obu frame to avoid this error.
>
> Signed-off-by: Wenbin Chen
> --- > libavcodec/cbs_av1.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c > index 1229480567..29e7bc16df 100644 > --- a/libavcodec/cbs_av1.c > +++ b/libavcodec/cbs_av1.c > @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, > put_bits32(pbc, 0); > } > > + if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc)) > + return AVERROR(ENOSPC);

unit->data_size is not usefully set when we are writing here (it might be the size of the old bitstream in editing cases, or it might just be zero).

> + > td = NULL; > start_pos = put_bits_count(pbc); 
> > @@ -1196,9 +1199,6 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx, > flush_put_bits(pbc); > av_assert0(data_pos <= start_pos); > > - if (8 * obu->obu_size > put_bits_left(pbc)) > - return AVERROR(ENOSPC); > - > if (obu->obu_size > 0) { > memmove(pbc->buf + data_pos, > pbc->buf + start_pos, header_size);

So, this doesn't work? The header hasn't been written at that point, so you don't know if there is enough space for both the OBU header and the OBU data.

Having the check in both places would be fine (the newly-added one being a way to bail early when there definitely isn't enough space), but that wouldn't do what you want.

I'm not sure what the right answer is here. Do we need some way to unwind the written header? The initial buffer size is 1MB and gets doubled each time, so this is not going to be hit very often.

- Mark
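
Review bot: In the first hunk (@@ -1075,6 +1075,9 @@), the added test 8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc) sits before start_pos = put_bits_count(pbc), so it runs before this OBU's payload is written, and nothing in the visible lines establishes that unit->data_size or obu->obu_size describe the data about to be written at that point. Compute the required bit count from values that are known to be valid before the write, or add a comment stating where both fields are set on this path; the reply's remark that unit->data_size may be the old bitstream size or zero means the test can pass or fail on an unrelated value.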
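
Review bot: Removing the post-write test in the second hunk (@@ -1196,9 +1199,6 @@) leaves the memmove(pbc->buf + data_pos, pbc->buf + start_pos, header_size) path with no space check after flush_put_bits(pbc) in the visible lines, while the replacement in the first hunk runs before start_pos is taken and so cannot account for what is written between the two points. Keep the removed lines (if (8 * obu->obu_size > put_bits_left(pbc)) return AVERROR(ENOSPC);) as the authoritative check and treat the new one only as an early bail-out; the stale-context problem described in the commit message then needs separate handling, for example restoring the context before the retry.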
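
The failure mode from the commit message (a write that updates context state, returns ENOSPC, and is retried after the buffer grows) and the unwind question raised in the reply, as an added example that is not FFmpeg code and not part of the thread. ToyCtx, ToyFrame, toy_write and write_with_retry are hypothetical stand-ins, and snapshot-and-restore is one possible approach, not the project's fix.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not FFmpeg types: a context the writer mutates
 * while serialising, like ref_order_hint in the commit message. */
typedef struct { int ref_order_hint; } ToyCtx;
typedef struct { int expected_ref_hint, order_hint; size_t size; } ToyFrame;

/* Writes one frame; ctx is updated BEFORE the space check can fail. */
static int toy_write(ToyCtx *ctx, const ToyFrame *f,
                     unsigned char *buf, size_t cap)
{
    if (f->expected_ref_hint != ctx->ref_order_hint)
        return -EINVAL;                  /* frame no longer matches context */
    ctx->ref_order_hint = f->order_hint; /* state change during the write */
    if (f->size > cap)
        return -ENOSPC;                  /* size only checked afterwards */
    memset(buf, 0xAB, f->size);          /* constructed payload */
    return 0;
}

/* Grow-and-retry loop. With restore != 0 the context is snapshotted before
 * each attempt and put back on ENOSPC, so the retry sees the original state. */
static int write_with_retry(ToyCtx *ctx, const ToyFrame *f,
                            size_t cap, int restore)
{
    unsigned char *buf = NULL, *nbuf;
    int ret;
    for (;;) {
        ToyCtx saved = *ctx;
        if (!(nbuf = realloc(buf, cap))) { ret = -ENOMEM; break; }
        buf = nbuf;
        ret = toy_write(ctx, f, buf, cap);
        if (ret != -ENOSPC) break;
        if (restore) *ctx = saved;       /* unwind before retrying */
        cap *= 2;                        /* buffer doubles on each retry */
    }
    free(buf);
    return ret;
}

int main(void)
{
    ToyFrame f = { 3, 4, 100 };          /* constructed sample frame */
    ToyCtx naive = { 3 }, fixed = { 3 };
    int a = write_with_retry(&naive, &f, 64, 0);  /* stale state on retry */
    int b = write_with_retry(&fixed, &f, 64, 1);  /* retry succeeds */
    return !(a == -EINVAL && b == 0);
}
```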