Re: [FFmpeg-devel] [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data
On Fri, Sep 09, 2016 at 02:36:20AM +0200, Michael Niedermayer wrote: > On Thu, Sep 08, 2016 at 04:18:26PM +0200, Matthieu Bouron wrote: > > On Thu, Sep 8, 2016 at 2:28 PM, Michael Niedermayer> > wrote: > > > > > On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote: > > > > From: Matthieu Bouron > > > > > > > > --- > > > > libavcodec/hevc.h| 9 + > > > > libavcodec/hevc_ps.c | 27 +++ > > > > 2 files changed, 36 insertions(+) > > > > > > > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h > > > > index be91010..6a3c750 100644 > > > > --- a/libavcodec/hevc.h > > > > +++ b/libavcodec/hevc.h > > > > @@ -387,6 +387,9 @@ typedef struct HEVCVPS { > > > > uint8_t vps_poc_proportional_to_timing_flag; > > > > int vps_num_ticks_poc_diff_one; ///< > > > > vps_num_ticks_poc_diff_one_minus1 > > > + 1 > > > > int vps_num_hrd_parameters; > > > > + > > > > +uint8_t data[4096]; > > > > +int data_size; > > > > } HEVCVPS; > > > > > > > > typedef struct ScalingList { > > > > @@ -483,6 +486,9 @@ typedef struct HEVCSPS { > > > > int vshift[3]; > > > > > > > > int qp_bd_offset; > > > > + > > > > +uint8_t data[4096]; > > > > +int data_size; > > > > } HEVCSPS; > > > > > > > > typedef struct HEVCPPS { > > > > @@ -557,6 +563,9 @@ typedef struct HEVCPPS { > > > > int *tile_pos_rs; ///< TilePosRS > > > > int *min_tb_addr_zs;///< MinTbAddrZS > > > > int *min_tb_addr_zs_tab;///< MinTbAddrZS > > > > + > > > > +uint8_t data[4096]; > > > > +int data_size; > > > > } HEVCPPS; > > > > > > > > typedef struct HEVCParamSets { > > > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > > > > index 83f2ec2..629e454 100644 > > > > --- a/libavcodec/hevc_ps.c > > > > +++ b/libavcodec/hevc_ps.c > > > > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, > > > AVCodecContext *avctx, > > > > > > > > av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n"); > > > > > > > > +vps->data_size = gb->buffer_end - gb->buffer; > > > > > > This theoretically could overflow, data_size is only an int the pointer > > > difference might be larger > > > > > > > Updated patch attached. > > > > [...] > > > hevc.h|9 + > > hevc_ps.c | 36 > > 2 files changed, 45 insertions(+) > > 74a311a04fc12daab6f9dc4dc228d3e2d574b12f > > 0001-lavc-hevc-store-VPS-SPS-PPS-data.patch > > From e25cc9920accb43dd4af152358b78160e85d64a2 Mon Sep 17 00:00:00 2001 > > From: Matthieu Bouron > > Date: Wed, 7 Sep 2016 11:36:10 +0200 > > Subject: [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data > > LGTM > > thx Pushed. Thanks. [...] ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data
On Thu, Sep 08, 2016 at 04:18:26PM +0200, Matthieu Bouron wrote: > On Thu, Sep 8, 2016 at 2:28 PM, Michael Niedermayer> wrote: > > > On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote: > > > From: Matthieu Bouron > > > > > > --- > > > libavcodec/hevc.h| 9 + > > > libavcodec/hevc_ps.c | 27 +++ > > > 2 files changed, 36 insertions(+) > > > > > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h > > > index be91010..6a3c750 100644 > > > --- a/libavcodec/hevc.h > > > +++ b/libavcodec/hevc.h > > > @@ -387,6 +387,9 @@ typedef struct HEVCVPS { > > > uint8_t vps_poc_proportional_to_timing_flag; > > > int vps_num_ticks_poc_diff_one; ///< > > > vps_num_ticks_poc_diff_one_minus1 > > + 1 > > > int vps_num_hrd_parameters; > > > + > > > +uint8_t data[4096]; > > > +int data_size; > > > } HEVCVPS; > > > > > > typedef struct ScalingList { > > > @@ -483,6 +486,9 @@ typedef struct HEVCSPS { > > > int vshift[3]; > > > > > > int qp_bd_offset; > > > + > > > +uint8_t data[4096]; > > > +int data_size; > > > } HEVCSPS; > > > > > > typedef struct HEVCPPS { > > > @@ -557,6 +563,9 @@ typedef struct HEVCPPS { > > > int *tile_pos_rs; ///< TilePosRS > > > int *min_tb_addr_zs;///< MinTbAddrZS > > > int *min_tb_addr_zs_tab;///< MinTbAddrZS > > > + > > > +uint8_t data[4096]; > > > +int data_size; > > > } HEVCPPS; > > > > > > typedef struct HEVCParamSets { > > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > > > index 83f2ec2..629e454 100644 > > > --- a/libavcodec/hevc_ps.c > > > +++ b/libavcodec/hevc_ps.c > > > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, > > AVCodecContext *avctx, > > > > > > av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n"); > > > > > > +vps->data_size = gb->buffer_end - gb->buffer; > > > > This theoretically could overflow, data_size is only an int the pointer > > difference might be larger > > > > Updated patch attached. > > [...] > hevc.h|9 + > hevc_ps.c | 36 > 2 files changed, 45 insertions(+) > 74a311a04fc12daab6f9dc4dc228d3e2d574b12f > 0001-lavc-hevc-store-VPS-SPS-PPS-data.patch > From e25cc9920accb43dd4af152358b78160e85d64a2 Mon Sep 17 00:00:00 2001 > From: Matthieu Bouron > Date: Wed, 7 Sep 2016 11:36:10 +0200 > Subject: [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data LGTM thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB It is what and why we do it that matters, not just one of them. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data
On Thu, Sep 8, 2016 at 2:28 PM, Michael Niedermayerwrote: > On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote: > > From: Matthieu Bouron > > > > --- > > libavcodec/hevc.h| 9 + > > libavcodec/hevc_ps.c | 27 +++ > > 2 files changed, 36 insertions(+) > > > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h > > index be91010..6a3c750 100644 > > --- a/libavcodec/hevc.h > > +++ b/libavcodec/hevc.h > > @@ -387,6 +387,9 @@ typedef struct HEVCVPS { > > uint8_t vps_poc_proportional_to_timing_flag; > > int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 > + 1 > > int vps_num_hrd_parameters; > > + > > +uint8_t data[4096]; > > +int data_size; > > } HEVCVPS; > > > > typedef struct ScalingList { > > @@ -483,6 +486,9 @@ typedef struct HEVCSPS { > > int vshift[3]; > > > > int qp_bd_offset; > > + > > +uint8_t data[4096]; > > +int data_size; > > } HEVCSPS; > > > > typedef struct HEVCPPS { > > @@ -557,6 +563,9 @@ typedef struct HEVCPPS { > > int *tile_pos_rs; ///< TilePosRS > > int *min_tb_addr_zs;///< MinTbAddrZS > > int *min_tb_addr_zs_tab;///< MinTbAddrZS > > + > > +uint8_t data[4096]; > > +int data_size; > > } HEVCPPS; > > > > typedef struct HEVCParamSets { > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > > index 83f2ec2..629e454 100644 > > --- a/libavcodec/hevc_ps.c > > +++ b/libavcodec/hevc_ps.c > > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, > AVCodecContext *avctx, > > > > av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n"); > > > > +vps->data_size = gb->buffer_end - gb->buffer; > > This theoretically could overflow, data_size is only an int the pointer > difference might be larger > Updated patch attached. [...] From e25cc9920accb43dd4af152358b78160e85d64a2 Mon Sep 17 00:00:00 2001 From: Matthieu Bouron Date: Wed, 7 Sep 2016 11:36:10 +0200 Subject: [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data --- libavcodec/hevc.h| 9 + libavcodec/hevc_ps.c | 36 2 files changed, 45 insertions(+) diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index be91010..6a3c750 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -387,6 +387,9 @@ typedef struct HEVCVPS { uint8_t vps_poc_proportional_to_timing_flag; int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + 1 int vps_num_hrd_parameters; + +uint8_t data[4096]; +int data_size; } HEVCVPS; typedef struct ScalingList { @@ -483,6 +486,9 @@ typedef struct HEVCSPS { int vshift[3]; int qp_bd_offset; + +uint8_t data[4096]; +int data_size; } HEVCSPS; typedef struct HEVCPPS { @@ -557,6 +563,9 @@ typedef struct HEVCPPS { int *tile_pos_rs; ///< TilePosRS int *min_tb_addr_zs;///< MinTbAddrZS int *min_tb_addr_zs_tab;///< MinTbAddrZS + +uint8_t data[4096]; +int data_size; } HEVCPPS; typedef struct HEVCParamSets { diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 83f2ec2..d08ba34 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -399,6 +399,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, { int i,j; int vps_id = 0; +ptrdiff_t nal_size; HEVCVPS *vps; AVBufferRef *vps_buf = av_buffer_allocz(sizeof(*vps)); @@ -408,6 +409,17 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n"); +nal_size = gb->buffer_end - gb->buffer; +if (nal_size > sizeof(vps->data)) { +av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized VPS " + "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n", + nal_size, sizeof(vps->data)); +vps->data_size = sizeof(vps->data); +} else { +vps->data_size = nal_size; +} +memcpy(vps->data, gb->buffer, vps->data_size); + vps_id = get_bits(gb, 4); if (vps_id >= MAX_VPS_COUNT) { av_log(avctx, AV_LOG_ERROR, "VPS id out of range: %d\n", vps_id); @@ -1177,6 +1189,7 @@ int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, AVBufferRef *sps_buf = av_buffer_allocz(sizeof(*sps)); unsigned int sps_id; int ret; +ptrdiff_t nal_size; if (!sps_buf) return AVERROR(ENOMEM); @@ -1184,6 +1197,17 @@ int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, av_log(avctx, AV_LOG_DEBUG, "Decoding SPS\n"); +nal_size = gb->buffer_end - gb->buffer; +if (nal_size > sizeof(sps->data)) { +av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized SPS " + "(%"PTRDIFF_SPECIFIER" > %"SIZE_SPECIFIER")\n", + nal_size, sizeof(sps->data)); +sps->data_size = sizeof(sps->data); +} else { +sps->data_size = nal_size; +
Re: [FFmpeg-devel] [PATCH 1/2] lavc/hevc: store VPS/SPS/PPS data
On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote: > From: Matthieu Bouron> > --- > libavcodec/hevc.h| 9 + > libavcodec/hevc_ps.c | 27 +++ > 2 files changed, 36 insertions(+) > > diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h > index be91010..6a3c750 100644 > --- a/libavcodec/hevc.h > +++ b/libavcodec/hevc.h > @@ -387,6 +387,9 @@ typedef struct HEVCVPS { > uint8_t vps_poc_proportional_to_timing_flag; > int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + > 1 > int vps_num_hrd_parameters; > + > +uint8_t data[4096]; > +int data_size; > } HEVCVPS; > > typedef struct ScalingList { > @@ -483,6 +486,9 @@ typedef struct HEVCSPS { > int vshift[3]; > > int qp_bd_offset; > + > +uint8_t data[4096]; > +int data_size; > } HEVCSPS; > > typedef struct HEVCPPS { > @@ -557,6 +563,9 @@ typedef struct HEVCPPS { > int *tile_pos_rs; ///< TilePosRS > int *min_tb_addr_zs;///< MinTbAddrZS > int *min_tb_addr_zs_tab;///< MinTbAddrZS > + > +uint8_t data[4096]; > +int data_size; > } HEVCPPS; > > typedef struct HEVCParamSets { > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > index 83f2ec2..629e454 100644 > --- a/libavcodec/hevc_ps.c > +++ b/libavcodec/hevc_ps.c > @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, > AVCodecContext *avctx, > > av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n"); > > +vps->data_size = gb->buffer_end - gb->buffer; This theoretically could overflow, data_size is only an int the pointer difference might be larger [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Avoid a single point of failure, be that a person or equipment. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel