[FFmpeg-devel] [PATCH v2] libavcodec/cbs_av1: Add size check before parse obu

Mark Thompson sw at jkqxz.net
Sat Apr 30 20:45:13 EEST 2022


On 29/03/2022 09:29, Wenbin Chen wrote:
> cbs_av1_write_unit() checks pbc size after parsing obu frame, and returns
> AVERROR(ENOSPC) if pbc is small. pbc will be reallocated and this obu
> frame will be parsed again, but this may cause error because
> CodedBitstreamAV1Context has already been updated, for example
> ref_order_hint is updated and will not match the same obu frame. Now a size
> check is added before parsing obu frame to avoid this error.
> 
> Signed-off-by: Wenbin Chen <wenbin.chen at intel.com>
> ---
>   libavcodec/cbs_av1.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> index 1229480567..29e7bc16df 100644
> --- a/libavcodec/cbs_av1.c
> +++ b/libavcodec/cbs_av1.c
> @@ -1075,6 +1075,9 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx,
>           put_bits32(pbc, 0);
>       }
>   
> +    if (8 * (unit->data_size + obu->obu_size) > put_bits_left(pbc))
> +        return AVERROR(ENOSPC);

unit->data_size is not usefully set when we are writing here (it might be the size of the old bitstream in editing cases, or it might just be zero).

> +
>       td = NULL;
>       start_pos = put_bits_count(pbc);
>   
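Review bot: The new early check measures sizes that this write has not produced yet: `start_pos = put_bits_count(pbc)` is only taken on the line after it, so no OBU payload has been written and both `unit->data_size` and `obu->obu_size` still hold whatever a previous read or edit left in the structs, whereas the check it replaces ran after `flush_put_bits(pbc)` against the header actually in the buffer. Moving the check therefore changes what is compared, not just when, and a stale or zero `obu_size` will let an OBU that does not fit through. If the intent is to avoid re-running the header write after the context has been mutated, keep the late check and either restore the context on the ENOSPC path or defer the context updates until that check has passed; an early check on a value that is valid here can still serve as a cheap bail-out.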
> @@ -1196,9 +1199,6 @@ static int cbs_av1_write_obu(CodedBitstreamContext *ctx,
>       flush_put_bits(pbc);
>       av_assert0(data_pos <= start_pos);
>   
> -    if (8 * obu->obu_size > put_bits_left(pbc))
> -        return AVERROR(ENOSPC);
> -
>       if (obu->obu_size > 0) {
>           memmove(pbc->buf + data_pos,
>                   pbc->buf + start_pos, header_size);
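Review bot: Removing `if (8 * obu->obu_size > put_bits_left(pbc)) return AVERROR(ENOSPC);` takes away the only size check that runs after the header has been flushed, so from this point on nothing verifies that the remaining OBU data fits in `pbc` before it is placed after `data_pos`. Since the early check added above compares values that predate the header write, it cannot stand in for this one; keep this check in place alongside the early one (the duplicate costs nothing on the success path and the early one can still short-circuit cases that are obviously too large).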

So, this doesn't work?  The header hasn't been written at that point, so you don't know if there is enough space for both the OBU header and the OBU data.

Having the check in both places would be fine (the newly-added one being a way to bail early when there definitely isn't enough space), but that wouldn't do what you want.

I'm not sure what the right answer is here.  Do we need some way to unwind the written header?  The initial buffer size is 1MB and gets doubled each time, so this is not going to be hit very often.

- Mark
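The failure mode the commit message describes, and the "unwind the written header" idea raised in the reply, in a self-contained C model. This is an added example, not FFmpeg code: `BitWriter`, `WriterCtx`, `Frame`, `write_frame_header`, `write_frame_unwound` and `write_unit` are hypothetical stand-ins for `PutBitContext`, `CodedBitstreamAV1Context`, the frame header, `cbs_av1_write_obu` and the grow-and-retry loop in `cbs_write_unit`; the error codes, the 4-byte starting buffer and the frame values are constructed. The naive writer updates `ref_order_hint` while emitting the header and checks space last, so the retry after ENOSPC finds a context that no longer matches the frame; the unwound variant snapshots context and bit position on entry and restores both on any error, so the retry succeeds.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ERR_NOSPC   (-1)   /* plays the role of AVERROR(ENOSPC) */
#define ERR_INVALID (-2)   /* plays the role of AVERROR_INVALIDDATA */
#define ERR_NOMEM   (-3)   /* allocation failure in the driver loop */

typedef struct { uint8_t *buf; size_t cap; size_t bitpos; } BitWriter;

/* Persistent writer state, standing in for CodedBitstreamAV1Context. */
typedef struct { unsigned ref_order_hint; } WriterCtx;

/* A frame header as parsed: the reference hint it expects to find in the
 * context, its own order hint, and the size of the data after the header. */
typedef struct { unsigned ref_order_hint, order_hint, payload_bytes; } Frame;

/* Overwrites (rather than ORs) each bit so a retry over the same buffer
 * cannot leave stale bits from an aborted attempt behind. */
static int put_bits(BitWriter *w, unsigned n, uint32_t v)
{
    if (w->bitpos + n > w->cap * 8)
        return ERR_NOSPC;
    for (unsigned i = 0; i < n; i++, w->bitpos++) {
        unsigned bit   = (v >> (n - 1 - i)) & 1;
        unsigned shift = 7 - w->bitpos % 8;
        uint8_t *p = &w->buf[w->bitpos / 8];
        *p = (uint8_t)((*p & ~(1u << shift)) | (bit << shift));
    }
    return 0;
}

/* Header write in the style the patch worries about: the context is updated
 * while the header is emitted, and the payload space check comes last. */
static int write_frame_header(WriterCtx *ctx, BitWriter *w, const Frame *f)
{
    int err;
    if (f->ref_order_hint != ctx->ref_order_hint)
        return ERR_INVALID;                  /* header no longer matches context */
    ctx->ref_order_hint = f->order_hint;     /* state mutated mid-write */
    if ((err = put_bits(w, 8, f->order_hint)) < 0)     return err;
    if ((err = put_bits(w, 8, f->ref_order_hint)) < 0) return err;
    if (w->bitpos + 8 * (size_t)f->payload_bytes > w->cap * 8)
        return ERR_NOSPC;                    /* the late check, as in cbs_av1_write_obu */
    memset(w->buf + w->bitpos / 8, 0xAA, f->payload_bytes);   /* constructed payload */
    w->bitpos += 8 * f->payload_bytes;
    return 0;
}

/* Same write, but every failure restores both the buffer position and the
 * context to their state on entry, so the retry starts from a clean slate. */
static int write_frame_unwound(WriterCtx *ctx, BitWriter *w, const Frame *f)
{
    WriterCtx saved_ctx = *ctx;
    size_t    saved_pos = w->bitpos;
    int err = write_frame_header(ctx, w, f);
    if (err < 0) {
        *ctx      = saved_ctx;
        w->bitpos = saved_pos;
    }
    return err;
}

/* Driver modelled on "ENOSPC -> grow the buffer -> try the same unit again".
 * Returns the final error code; reports bytes written and the context's
 * ref_order_hint through the out-parameters. */
static int write_unit(int unwind, size_t *out_bytes, unsigned *out_ref_hint)
{
    WriterCtx ctx   = { .ref_order_hint = 3 };                          /* constructed */
    Frame     frame = { .ref_order_hint = 3, .order_hint = 4, .payload_bytes = 6 };
    BitWriter w     = { .cap = 4 };                                     /* too small on purpose */
    int err = ERR_NOSPC;
    for (int attempt = 0; attempt < 4 && err == ERR_NOSPC; attempt++) {
        free(w.buf);
        w.buf = calloc(w.cap, 1);
        if (!w.buf) return ERR_NOMEM;
        w.bitpos = 0;
        err = unwind ? write_frame_unwound(&ctx, &w, &frame)
                     : write_frame_header(&ctx, &w, &frame);
        if (err == ERR_NOSPC)
            w.cap *= 2;                                                 /* grow and retry */
    }
    if (out_bytes)    *out_bytes    = w.bitpos / 8;
    if (out_ref_hint) *out_ref_hint = ctx.ref_order_hint;
    free(w.buf);
    return err;
}

int main(void)
{
    size_t n; unsigned hint;
    int a = write_unit(0, &n, &hint);
    printf("naive:   err=%d bytes=%zu ref_order_hint=%u\n", a, n, hint);
    int b = write_unit(1, &n, &hint);
    printf("unwound: err=%d bytes=%zu ref_order_hint=%u\n", b, n, hint);
    return 0;
}
```

With the naive writer the first attempt runs out of space after the context has already moved to order hint 4, so the second attempt is rejected as inconsistent and nothing is written; with the unwound writer the second attempt, on the doubled buffer, emits the 2-byte header plus 6-byte payload. The same effect could be had by deferring the context update until after the late check, but a snapshot-and-restore handles every error path in the header write without reordering it.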
