virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/diracdec: Propagate errors from codeblock()

Browse Source 
Consider a component to be damaged if more than 50% of its subbands are damaged

Fixes: Timeout (part 1 of 2)
Fixes: 9774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5748957085958144

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2018-09-14 00:22:13 +02:00
parent db6af88cd0
commit 7274d849cc
1 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
libavcodec/diracdec.c
View File

@ -488,7 +488,7 @@ UNPACK_ARITH(10, int32_t)
* Decode the coeffs in the rectangle defined by left, right, top, bottom * Decode the coeffs in the rectangle defined by left, right, top, bottom
* [DIRAC_STD] 13.4.3.2 Codeblock unpacking loop. codeblock() * [DIRAC_STD] 13.4.3.2 Codeblock unpacking loop. codeblock()
*/ */
static inline void codeblock(DiracContext *s, SubBand *b, static inline int codeblock(DiracContext *s, SubBand *b,
GetBitContext *gb, DiracArith *c, GetBitContext *gb, DiracArith *c,
int left, int right, int top, int bottom, int left, int right, int top, int bottom,
int blockcnt_one, int is_arith) int blockcnt_one, int is_arith)
@ -505,7 +505,7 @@ static inline void codeblock(DiracContext *s, SubBand *b,
zero_block = get_bits1(gb); zero_block = get_bits1(gb);
if (zero_block) if (zero_block)
return; return 0;
} }
if (s->codeblock_mode && !(s->old_delta_quant && blockcnt_one)) { if (s->codeblock_mode && !(s->old_delta_quant && blockcnt_one)) {
@ -516,7 +516,7 @@ static inline void codeblock(DiracContext *s, SubBand *b,
quant = dirac_get_se_golomb(gb); quant = dirac_get_se_golomb(gb);
if (quant > INT_MAX - b->quant || b->quant + quant < 0) { if (quant > INT_MAX - b->quant || b->quant + quant < 0) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid quant\n"); av_log(s->avctx, AV_LOG_ERROR, "Invalid quant\n");
return; return AVERROR_INVALIDDATA;
} }
b->quant += quant; b->quant += quant;
} }
@ -524,7 +524,7 @@ static inline void codeblock(DiracContext *s, SubBand *b,
if (b->quant > (DIRAC_MAX_QUANT_INDEX - 1)) { if (b->quant > (DIRAC_MAX_QUANT_INDEX - 1)) {
av_log(s->avctx, AV_LOG_ERROR, "Unsupported quant %d\n", b->quant); av_log(s->avctx, AV_LOG_ERROR, "Unsupported quant %d\n", b->quant);
b->quant = 0; b->quant = 0;
return; return AVERROR_INVALIDDATA;
} }
qfactor = ff_dirac_qscale_tab[b->quant]; qfactor = ff_dirac_qscale_tab[b->quant];
@ -559,6 +559,7 @@ static inline void codeblock(DiracContext *s, SubBand *b,
buf += b->stride; buf += b->stride;
} }
} }
return 0;
} }
/** /**
@ -593,7 +594,7 @@ INTRA_DC_PRED(10, uint32_t)
* Dirac Specification -> * Dirac Specification ->
* 13.4.2 Non-skipped subbands. subband_coeffs() * 13.4.2 Non-skipped subbands. subband_coeffs()
*/ */
static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b, int is_arith) static av_always_inline int decode_subband_internal(DiracContext *s, SubBand *b, int is_arith)
{ {
int cb_x, cb_y, left, right, top, bottom; int cb_x, cb_y, left, right, top, bottom;
DiracArith c; DiracArith c;
@ -601,9 +602,10 @@ static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b
int cb_width = s->codeblock[b->level + (b->orientation != subband_ll)].width; int cb_width = s->codeblock[b->level + (b->orientation != subband_ll)].width;
int cb_height = s->codeblock[b->level + (b->orientation != subband_ll)].height; int cb_height = s->codeblock[b->level + (b->orientation != subband_ll)].height;
int blockcnt_one = (cb_width + cb_height) == 2; int blockcnt_one = (cb_width + cb_height) == 2;
int ret;
if (!b->length) if (!b->length)
return; return 0;
init_get_bits8(&gb, b->coeff_data, b->length); init_get_bits8(&gb, b->coeff_data, b->length);
@ -616,7 +618,9 @@ static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b
left = 0; left = 0;
for (cb_x = 0; cb_x < cb_width; cb_x++) { for (cb_x = 0; cb_x < cb_width; cb_x++) {
right = (b->width * (cb_x+1LL)) / cb_width; right = (b->width * (cb_x+1LL)) / cb_width;
codeblock(s, b, &gb, &c, left, right, top, bottom, blockcnt_one, is_arith); ret = codeblock(s, b, &gb, &c, left, right, top, bottom, blockcnt_one, is_arith);
if (ret < 0)
return ret;
left = right; left = right;
} }
top = bottom; top = bottom;
@ -629,33 +633,35 @@ static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b
intra_dc_prediction_8(b); intra_dc_prediction_8(b);
} }
} }
return 0;
} }
static int decode_subband_arith(AVCodecContext *avctx, void *b) static int decode_subband_arith(AVCodecContext *avctx, void *b)
{ {
DiracContext *s = avctx->priv_data; DiracContext *s = avctx->priv_data;
decode_subband_internal(s, b, 1); return decode_subband_internal(s, b, 1);
return 0;
} }
static int decode_subband_golomb(AVCodecContext *avctx, void *arg) static int decode_subband_golomb(AVCodecContext *avctx, void *arg)
{ {
DiracContext *s = avctx->priv_data; DiracContext *s = avctx->priv_data;
SubBand **b = arg; SubBand **b = arg;
decode_subband_internal(s, *b, 0); return decode_subband_internal(s, *b, 0);
return 0;
} }
/** /**
* Dirac Specification -> * Dirac Specification ->
* [DIRAC_STD] 13.4.1 core_transform_data() * [DIRAC_STD] 13.4.1 core_transform_data()
*/ */
static void decode_component(DiracContext *s, int comp) static int decode_component(DiracContext *s, int comp)
{ {
AVCodecContext *avctx = s->avctx; AVCodecContext *avctx = s->avctx;
SubBand *bands[3*MAX_DWT_LEVELS+1]; SubBand *bands[3*MAX_DWT_LEVELS+1];
enum dirac_subband orientation; enum dirac_subband orientation;
int level, num_bands = 0; int level, num_bands = 0;
int ret[3*MAX_DWT_LEVELS+1];
int i;
int damaged_count = 0;
/* Unpack all subbands at all levels. */ /* Unpack all subbands at all levels. */
for (level = 0; level < s->wavelet_depth; level++) { for (level = 0; level < s->wavelet_depth; level++) {
@ -677,11 +683,20 @@ static void decode_component(DiracContext *s, int comp)
/* arithmetic coding has inter-level dependencies, so we can only execute one level at a time */ /* arithmetic coding has inter-level dependencies, so we can only execute one level at a time */
if (s->is_arith) if (s->is_arith)
avctx->execute(avctx, decode_subband_arith, &s->plane[comp].band[level][!!level], avctx->execute(avctx, decode_subband_arith, &s->plane[comp].band[level][!!level],
NULL, 4-!!level, sizeof(SubBand)); ret + 3*level + !!level, 4-!!level, sizeof(SubBand));
} }
/* golomb coding has no inter-level dependencies, so we can execute all subbands in parallel */ /* golomb coding has no inter-level dependencies, so we can execute all subbands in parallel */
if (!s->is_arith) if (!s->is_arith)
avctx->execute(avctx, decode_subband_golomb, bands, NULL, num_bands, sizeof(SubBand*)); avctx->execute(avctx, decode_subband_golomb, bands, ret, num_bands, sizeof(SubBand*));
for (i = 0; i < s->wavelet_depth * 3 + 1; i++) {
if (ret[i] < 0)
damaged_count++;
}
if (damaged_count > (s->wavelet_depth * 3 + 1) /2)
return AVERROR_INVALIDDATA;
return 0;
} }
#define PARSE_VALUES(type, x, gb, ebits, buf1, buf2) \ #define PARSE_VALUES(type, x, gb, ebits, buf1, buf2) \
@ -1867,7 +1882,9 @@ static int dirac_decode_frame_internal(DiracContext *s)
if (!s->zero_res && !s->low_delay) if (!s->zero_res && !s->low_delay)
{ {
memset(p->idwt.buf, 0, p->idwt.stride * p->idwt.height); memset(p->idwt.buf, 0, p->idwt.stride * p->idwt.height);
decode_component(s, comp); /* [DIRAC_STD] 13.4.1 core_transform_data() */ ret = decode_component(s, comp); /* [DIRAC_STD] 13.4.1 core_transform_data() */
if (ret < 0)
return ret;
} }
ret = ff_spatial_idwt_init(&d, &p->idwt, s->wavelet_idx+2, ret = ff_spatial_idwt_init(&d, &p->idwt, s->wavelet_idx+2,
s->wavelet_depth, s->bit_depth); s->wavelet_depth, s->bit_depth);