[FFmpeg-devel] [PATCH 2/5] av1_parser: do not check buf_size if we have size in obu header
Xu, Guangxin
guangxin.xu at intel.com
Fri Aug 7 04:25:06 EEST 2020
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces at ffmpeg.org> On Behalf Of James
> Almer
> Sent: Friday, August 7, 2020 1:38 AM
> To: ffmpeg-devel at ffmpeg.org
> Subject: Re: [FFmpeg-devel] [PATCH 2/5] av1_parser: do not check buf_size if
> we have size in obu header
>
> On 8/6/2020 12:15 PM, Xu, Guangxin wrote:
> > Hi James,
> > Thanks for the review.
> > How about we add a new function in av1dec.c like this:
> >
> > static inline int read_obu_header_with_size_flag(const uint8_t *buf, int
> buf_size,
> > int64_t *obu_size, int *type); then
> > we can remove first two patches and check has_size_flag in the function.
>
> You mean duplicating the implementation of parse_obu_header() in av1dec.c?
Yes. if we do not duplicate code. it's hard to fix the issue you mentioned.
Low overhead obu can not foresee the obu size. it need get size from the header.
>
> >
> > I guess "out of array reads" will not happen in low overhead obu, since it
> always prepare enough data the obu.
> >
> >
> >> -----Original Message-----
> >> From: ffmpeg-devel <ffmpeg-devel-bounces at ffmpeg.org> On Behalf Of
> >> James Almer
> >> Sent: Thursday, August 6, 2020 10:03 PM
> >> To: ffmpeg-devel at ffmpeg.org
> >> Subject: Re: [FFmpeg-devel] [PATCH 2/5] av1_parser: do not check
> >> buf_size if we have size in obu header
> >>
> >> On 8/6/2020 5:04 AM, Xu Guangxin wrote:
> >>> for low overhead obu, we can't forsee the obu size. we can only get
> >>> it when we parsed the obu header.
> >>> ---
> >>> libavcodec/av1_parse.h | 2 +-
> >>> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h index
> >>> a3b39f039c..823bdedd5e 100644
> >>> --- a/libavcodec/av1_parse.h
> >>> +++ b/libavcodec/av1_parse.h
> >>> @@ -135,7 +135,7 @@ static inline int parse_obu_header(const uint8_t
> >>> *buf, int buf_size,
> >>>
> >>> size = *obu_size + *start_pos;
> >>>
> >>> - if (size > buf_size)
> >>> + if (!*has_size_flag && size > buf_size)
> >>
> >> This check was added in c27c7b49dc to fix out of array reads, so this
> >> change will surely reintroduce the issue.
> >>
> >> Also, when has_size_flag is 0, size will never be bigger than
> >> buf_size because it will be derived from it, meaning this change is
> >> the same as removing the check altogether.
> >>
> >>> return AVERROR_INVALIDDATA;
> >>>
> >>> return size;
> >>>
> >>
> >> _______________________________________________
> >> ffmpeg-devel mailing list
> >> ffmpeg-devel at ffmpeg.org
> >> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >>
> >> To unsubscribe, visit link above, or email
> >> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> >
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email ffmpeg-devel-request at ffmpeg.org
> with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list