[FFmpeg-devel] [RFC] [PATCH] hevc_ps: reorder SPS reading to allow some errors

Michael Niedermayer michaelni at gmx.at
Thu Aug 21 03:06:12 CEST 2014 

On Thu, Aug 21, 2014 at 02:06:39AM +0200, Christophe Gisquet wrote:
> Hi,
> 
> ticket #3872 is about a regression on decoding of hevc:
> https://trac.ffmpeg.org/ticket/3872
> 
> The reason is a stricter validation is now performed since 5ec85c97.
> 
> The sequence seems invalid to me, as it seems the SPS was truncated or
> corrupted somewhere in the VUI. But if we ignore the a priori invalid
> SPS, the sequence actually decodes fine.
> 
> It seems impossible to detect when this occurs:
> - A local test by remuxing hevc ES streams into mkv with mkvtoolnix
> 7.1.0 yielded valid streams, so this muxer is maybe not responsible
> (the file may have actually been transmuxed);
> - I don't see any obvious extra/userdata or anything allowing to
> identify the encoder (is it x265? the information has been stripped so
> it may be another encoder).
> 
> The metadata (I bet irrelevant here) of this file, as found on
> ffmpeg's stdout, can be seen in the attached metadata.txt file
> 

> I'm trying to dig more information to see how narrow a fix could be.
> H.264 in that case simply rejects the data.

heres a narrower solution for this file
not sure its better
i can apply whichever you prefer, probably we wont find out which
is the best solution before pushing something and waiting for more
bug reports

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 2ccce5f..64fb04b 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -552,6 +552,13 @@ static void decode_vui(HEVCContext *s, HEVCSPS *sps)
     vui->vui_timing_info_present_flag = get_bits1(gb);

     if (vui->vui_timing_info_present_flag) {
+        if (get_bits_left(gb) < 66) {
+            av_log(s->avctx, AV_LOG_WARNING,
+                   "VUI timing information truncated, %d bits left\n",
+                   get_bits_left(gb)
+            );
+            return;
+        }
         vui->vui_num_units_in_tick               = get_bits_long(gb, 32);
         vui->vui_time_scale                      = get_bits_long(gb, 32);
         vui->vui_poc_proportional_to_timing_flag = get_bits1(gb);


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 2
"100% positive feedback" - "All either got their money back or didnt complain"
"Best seller ever, very honest" - "Seller refunded buyer after failed scam"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140821/aafe67dc/attachment.asc>

More information about the ffmpeg-devel mailing list