From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 5075F44617 for ; Thu, 20 Oct 2022 08:59:46 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 25ACF68BE8D; Thu, 20 Oct 2022 11:59:44 +0300 (EEST) Received: from mx.sdf.org (mx.sdf.org [205.166.94.24]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7B04F68B96F for ; Thu, 20 Oct 2022 11:59:37 +0300 (EEST) Received: from 45cccc65f298575ed5de7e32d4efc6de ([1.145.213.234]) (authenticated (0 bits)) by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id 29K8xUEn025582 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO) for ; Thu, 20 Oct 2022 08:59:34 GMT Date: Thu, 20 Oct 2022 19:59:25 +1100 
From: Peter Ross To: ffmpeg-devel@ffmpeg.org Message-ID: <812f50e814dbd8cd8d854da6ccd5a5d6477551ba.1666256242.git.pross@xvid.org> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avcodec/mss2: calculate draw region and revise split position X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============7339430915168280464==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============7339430915168280464== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5pckx1egKWRnDniX" Content-Disposition: inline --5pckx1egKWRnDniX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable for videos with wmv9 rectangles, the region drawn by ff_mss12_decode_rect may be less than the entire video area. the wmv9 rectangles are used to calculate the ff_mss12_decode_rect draw region. Fixes tickets #3255 and #4043 --- (will also fix indentation as separate commit on push) libavcodec/mss2.c | 70 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 66 insertions(+), 4 deletions(-) diff --git a/libavcodec/mss2.c b/libavcodec/mss2.c index d8a30019f7..69494d8c44 100644 --- a/libavcodec/mss2.c +++ b/libavcodec/mss2.c 
@@ -468,6 +468,39 @@ struct Rectangle { int coded, x, y, w, h; }; =20 +struct Rectangle2 { + int left, right, top, bottom; +}; + +static void calc_draw_region(struct Rectangle2 * draw, const struct Rectan= gle2 * rect) +{ +#define COMPARE(top, bottom, left, right) \ + if (rect->top <=3D draw->top && rect->bottom >=3D draw->bottom) { \ + if (rect->left <=3D draw->left && rect->right >=3D draw->left) \ + draw->left =3D FFMIN(rect->right, draw->right); \ + \ + if (rect->right >=3D draw->right) { \ + if (rect->left >=3D draw->left) { \ + if (rect->left < draw->right) \ + draw->right =3D rect->left; \ + } else { \ + draw->right =3D draw->left; \ + } \ + } \ + } + + COMPARE(top, bottom, left, right) + COMPARE(left, right, top, bottom) +} + +static int calc_split_position(int split_position, const struct Rectangle2= * rect, int height) +{ + if (rect->top || rect->bottom !=3D height) + split_position =3D rect->top + split_position * (rect->bottom - re= ct->top) / height; + + return av_clip(split_position, rect->top + 1, rect->bottom - 1); +} + #define MAX_WMV9_RECTANGLES 20 #define ARITH2_PADDING 2 =20 @@ -485,6 +518,7 @@ static int mss2_decode_frame(AVCodecContext *avctx, AVF= rame *frame, int keyframe, has_wmv9, has_mv, is_rle, is_555, ret; =20 struct Rectangle wmv9rects[MAX_WMV9_RECTANGLES], *r; + struct Rectangle2 draw; int used_rects =3D 0, i, implicit_rect =3D 0, av_uninit(wmv9_mask); =20 if ((ret =3D init_get_bits8(&gb, buf, buf_size)) < 0) 
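Review bot: calc_split_position() depends on preconditions that the function neither states nor checks: `height` must be non-zero for the division, and `rect->bottom - rect->top` must be at least 2, otherwise av_clip() is handed a minimum above its maximum. The only caller in this patch guards with `draw.bottom - draw.top >= 10`, so it holds today, but the rectangle presumably derives from bitstream data and a later caller could miss the guard. I would put the contract on the function, e.g. `/* caller guarantees height > 0 and rect->bottom - rect->top >= 2 */`. Separately, COMPARE is a bare multi-statement macro whose parameters are substituted into the member names (`rect->top` becomes `rect->left` on the second use), which deserves a short comment and an `#undef COMPARE` after calc_draw_region().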
@@ -671,11 +705,32 @@ static int mss2_decode_frame(AVCodecContext *avctx, A= VFrame *frame, bytestream2_init(&gB, buf, buf_size + ARITH2_PADDING); arith2_init(&acoder, &gB); c->keyframe =3D keyframe; - if (c->corrupted =3D ff_mss12_decode_rect(&ctx->sc[0], &acoder= , 0, 0, - avctx->width, - ctx->split_position)) + + draw.left =3D 0; + draw.top =3D 0; + draw.right =3D avctx->width; + draw.bottom =3D avctx->height; + if (wmv9_mask =3D=3D -1) { + for (i =3D 0; i < used_rects; i++) { + struct Rectangle2 r; + r.left =3D wmv9rects[i].x; + r.top =3D wmv9rects[i].y; + r.right =3D r.left + wmv9rects[i].w; + r.bottom =3D r.top + wmv9rects[i].h; + calc_draw_region(&draw, &r); + } + } + + if (draw.left >=3D avctx->width || draw.right > avctx->width || + draw.top >=3D avctx->height || draw.bottom > avctx->height) return AVERROR_INVALIDDATA; =20 + if (c->slice_split && draw.bottom - draw.top >=3D 10) { + ctx->split_position =3D calc_split_position(ctx->split_pos= ition, &draw, avctx->height); + if (c->corrupted =3D ff_mss12_decode_rect(&ctx->sc[0], &acoder= , 0, draw.top, + avctx->width, + ctx->split_position - = draw.top)) + return AVERROR_INVALIDDATA; buf +=3D arith2_get_consumed_bytes(&acoder); buf_size -=3D arith2_get_consumed_bytes(&acoder); if (c->slice_split) { 
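Review bot: `ctx->split_position = calc_split_position(ctx->split_position, &draw, avctx->height);` writes the rescaled value back into decoder context state. If any header path leaves ctx->split_position carried over from an earlier frame rather than re-reading it (not visible in this hunk), the next frame would rescale an already rescaled position and the two slice heights would drift from what the bitstream encodes. Keeping the result in a local, e.g. `int split = calc_split_position(ctx->split_position, &draw, avctx->height);`, and passing `split` to both ff_mss12_decode_rect() calls avoids that. Also, the loop-local `struct Rectangle2 r;` shadows the `*r` declared at the top of mss2_decode_frame(); a different name would keep -Wshadow quiet. The function body starts and ends outside this hunk.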
@@ -686,7 +741,14 @@ static int mss2_decode_frame(AVCodecContext *avctx, AV= Frame *frame, if (c->corrupted =3D ff_mss12_decode_rect(&ctx->sc[1], &ac= oder, 0, ctx->split_positio= n, avctx->width, - avctx->height - ct= x->split_position)) + draw.bottom - ctx-= >split_position)) + return AVERROR_INVALIDDATA; + buf +=3D arith2_get_consumed_bytes(&acoder); + buf_size -=3D arith2_get_consumed_bytes(&acoder); + } + } else { + if (c->corrupted =3D ff_mss12_decode_rect(&ctx->sc[0], &ac= oder, draw.left, draw.top, + draw.right - draw.= left, draw.bottom - draw.top)) return AVERROR_INVALIDDATA; =20 buf +=3D arith2_get_consumed_bytes(&acoder); --=20 2.35.1 -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B) --5pckx1egKWRnDniX Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQSpB+AvpuUM0jTNINJnYHnFrEDdawUCY1EN6QAKCRBnYHnFrEDd awH3AJ9My42Lc6dNavD9vFZvZFGxP0NJjQCgzcw9OfF9q9TVa61ZAuFD1MXNQUA= =gy8z -----END PGP SIGNATURE----- --5pckx1egKWRnDniX-- --===============7339430915168280464== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============7339430915168280464==--
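Review bot: The new `else` branch passes `draw.right - draw.left` and `draw.bottom - draw.top` to ff_mss12_decode_rect() without checking that either is positive. The range check added earlier in the patch rejects `draw.left >= avctx->width` and `draw.top >= avctx->height` but, as far as these hunks show, lets through a region whose left equals its right (or top equals bottom) below the frame edge, which calc_draw_region() appears able to produce when rectangles cover the remaining area. Whether ff_mss12_decode_rect() tolerates a zero extent is not visible here, so I would reject it explicitly with `if (draw.right <= draw.left || draw.bottom <= draw.top) return AVERROR_INVALIDDATA;`, or skip the decode if an empty region is legitimate. This branch is also taken when c->slice_split is set but the region is under 10 rows, and that threshold should get a comment explaining why 10.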