[FFmpeg-devel] [PATCH 2/5] av1_parser: do not check buf_size if we have size in obu header

James Almer jamrial at gmail.com
Thu Aug 6 20:38:26 EEST 2020 

On 8/6/2020 12:15 PM, Xu, Guangxin wrote:
> Hi James,
> Thanks for the review.
> How about we add a new function in av1dec.c like this:
> 
> static inline int read_obu_header_with_size_flag(const uint8_t *buf, int buf_size,
>                                    int64_t *obu_size, int *type);
> then we can remove first two patches and check has_size_flag in the function. 

You mean duplicating the implementation of parse_obu_header() in av1dec.c?

> 
> I guess "out of array reads" will not happen in low overhead obu, since it always prepare enough data the obu.
> 
> 
>> -----Original Message-----
>> From: ffmpeg-devel <ffmpeg-devel-bounces at ffmpeg.org> On Behalf Of James
>> Almer
>> Sent: Thursday, August 6, 2020 10:03 PM
>> To: ffmpeg-devel at ffmpeg.org
>> Subject: Re: [FFmpeg-devel] [PATCH 2/5] av1_parser: do not check buf_size if
>> we have size in obu header
>>
>> On 8/6/2020 5:04 AM, Xu Guangxin wrote:
>>> for low overhead obu, we can't forsee the obu size. we can only get it
>>> when we parsed the obu header.
>>> ---
>>>  libavcodec/av1_parse.h | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h index
>>> a3b39f039c..823bdedd5e 100644
>>> --- a/libavcodec/av1_parse.h
>>> +++ b/libavcodec/av1_parse.h
>>> @@ -135,7 +135,7 @@ static inline int parse_obu_header(const uint8_t
>>> *buf, int buf_size,
>>>
>>>      size = *obu_size + *start_pos;
>>>
>>> -    if (size > buf_size)
>>> +    if (!*has_size_flag && size > buf_size)
>>
>> This check was added in c27c7b49dc to fix out of array reads, so this change will
>> surely reintroduce the issue.
>>
>> Also, when has_size_flag is 0, size will never be bigger than buf_size because it
>> will be derived from it, meaning this change is the same as removing the check
>> altogether.
>>
>>>          return AVERROR_INVALIDDATA;
>>>
>>>      return size;
>>>
>>
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>> To unsubscribe, visit link above, or email ffmpeg-devel-request at ffmpeg.org
>> with subject "unsubscribe".
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>

More information about the ffmpeg-devel mailing list