1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

95 Commits

Author SHA1 Message Date
Andreas Rheinhardt
a105b11a9d avcodec/cbs: Add specialization for ff_cbs_(read|write)_unsigned()
These functions allow not only to read and write unsigned values,
but also to check ranges and to emit trace output which can be
beautified when processing arrays (indices like "[i]" are replaced
by their actual numbers).

Yet lots of callers actually only need something simpler:
Their range is only implicitly restricted by the amount
of bits used and they are not part of arrays, hence don't
need this beautification.

This commit adds specializations for these callers;
this is very beneficial size-wise (it reduced the size
of .text by 23312 bytes here), as a call is now cheaper.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-07-30 21:36:31 +02:00
Michael Niedermayer
0ba719f726
avcodec/cbs_h2645: Avoid an unchecked bytesteram read
The unchecked read caused the 2nd subsequent tell call to move backward resulting
in a negative length

Fixes: assertion failure
Fixes: 60276/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5434126636023808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-07-25 23:17:29 +02:00
James Almer
68e9d2835f avcodec/cbs_h266: add support for Adaptation parameter set NALU type
Reviewed-by: Nuo Mi <nuomi2021@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2023-07-06 11:43:13 -03:00
James Almer
8995e2f77e avcodec/cbs_h266: add support for Decoding capability information NALU type
Signed-off-by: James Almer <jamrial@gmail.com>
2023-07-05 18:18:33 -03:00
James Almer
6cb57bb457 avcodec/cbs_h266: add support for Operating point information NALU type
Signed-off-by: James Almer <jamrial@gmail.com>
2023-07-05 18:18:33 -03:00
James Almer
995976750a avcodec/cbs_h2645: fix parsing and storing Picture Header references in the context
Signed-off-by: James Almer <jamrial@gmail.com>
2023-06-30 08:26:38 -03:00
Nuo Mi
dfc62fd1c6 avcodec/cbs: add cbs implementation for H266/VVC
Add CodedBitstreamContext to parse VPS,SPS,PPS in VVC nal units.
Implement parsing and writing of SPS,PPS,VPS,PH,AUD,SEI and slices.
Add ff_cbs_type_h266 to cbs types tables and AV_CODEC_ID_H266
to cbs codec ids.

Co-authored-by: Thomas Siedel <thomas.ff@spin-digital.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2023-06-29 14:12:50 -03:00
Zhao Zhili
4144584010 avcodec/cbs_h2645: add discard_unit implementation for H.265 2023-06-19 11:52:18 +08:00
Zhao Zhili
e7cde0cbd5 avcodec/cbs_h2645: add discarded_unit implementation for H.264 2023-06-19 11:52:18 +08:00
Jan Ekström
f4bebc0c34 avcodec/cbs_{h2645,sei}: add support for Ambient Viewing Environment SEI
Defined by H.274, this SEI message is utilized by iPhones to save
the nominal ambient viewing environment for the display of recorded
HDR content.
2023-01-13 20:53:02 +02:00
Andreas Rheinhardt
0d408f4013 avcodec/cbs_h2645: Remove always-false check
The functions to replace parameter sets are only called
after the respective parameter set has just been read or
has just been written; all of these functions check
that the id field is within the appropriate range.
So the checks in the replace-functions can be removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-08-08 11:29:34 +02:00
Andreas Rheinhardt
2ba04bafb4 avcodec/cbs: Remove ff_cbs_alloc_unit_content
It is no longer used.
Also rename ff_cbs_alloc_unit_content2 to ff_cbs_alloc_unit_content.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-08-08 11:29:33 +02:00
Andreas Rheinhardt
b37805ddbd avcodec/cbs_internal, cbs_h2645: Add and use new descriptor macros
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-08-08 11:29:33 +02:00
Andreas Rheinhardt
55c605f72c avcodec/cbs_h2645: Remove unnecessary (h264|hevc)_sei.h inclusions
They are unnecessary since the SEI enum has been moved
to sei.h.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-02 08:58:20 +02:00
Andreas Rheinhardt
66d7a21132 avcodec/cbs: Make ff_cbs_insert_unit_data() always append the new unit
All split functions (the only users of this function) only
append units.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-02-08 06:02:05 +01:00
James Almer
794e15fd54 cbs_h265: add support for Film Grain Characteristics SEI message
Signed-off-by: James Almer <jamrial@gmail.com>
2021-08-06 09:56:44 -03:00
James Almer
41d1dba4d2 cbs_h264: add support for Film Grain Characteristics SEI messages
Signed-off-by: James Almer <jamrial@gmail.com>
2021-07-23 11:05:04 -03:00
Mark Thompson
8843607f49 cbs_h2645: Merge SEI message handling in common between codecs 2021-01-21 17:13:54 +00:00
Mark Thompson
773857df59 hevc: Use common SEI types 2021-01-21 17:13:54 +00:00
Mark Thompson
64b3aac8d0 h264: Use common SEI types 2021-01-21 17:13:54 +00:00
Mark Thompson
4bf3384800 cbs_h2645: Merge SEI messages in common between codecs
Make a new template file for common SEI messages - this will also apply
to H.266.
2021-01-21 17:13:54 +00:00
Nuo Mi
2ad21ee9d4 avcodec/cbs_h2645: Move zero_byte check to its own function
Signed-off-by: Mark Thompson <sw@jkqxz.net>
2021-01-11 21:34:43 +00:00
James Almer
c35cf9fe53 avcodec/cbs_h2645: remove dead code in cbs_h2645_replace_ps()
Missed in 0720e15c0330f0f101c02d5c2c6548e964079f6d. PS units are now guaranteed
to always be reference counter.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-12-01 13:21:23 -03:00
James Almer
0c84253353 avcodec/cbs_h2645: implement CodedBitstreamType.flush() callbacks
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
Mark Thompson
e38646de1c cbs_h265: Use table-based alloc/free 2020-09-02 00:00:57 +01:00
Mark Thompson
0720e15c03 cbs_h2645: Ensure that non-refcounted parameter sets are fully copied
Only copying the main structure is not necessarily sufficient - there
could be references to substructures.
2020-09-02 00:00:57 +01:00
Mark Thompson
2cb152d52f cbs_h264: Use table-based alloc/free 2020-09-02 00:00:57 +01:00
Andreas Rheinhardt
1bdbc50bf4 avcodec/cbs: Remove unused function parameters
Several cbs-functions had an unused CodedBitstreamContext parameter.
This commit removes these.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-07 04:46:51 +02:00
James Almer
ef13fafe22 avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:04 -03:00
James Almer
3d51d3b42d avcodec/cbs_h265: add missing support for reserved_payload_extension_data SEI bits
Fixes ticket #8622

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-03 19:53:01 -03:00
James Almer
3a41bac4e2 avcodec/cbs_h265: move the payload_extension_present check into its own function
Will be reused in the following patch.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-03 19:53:01 -03:00
Andreas Rheinhardt
14dd0a9057 avcodec/cbs: Avoid leaving the ... out in calls to variadic macros
According to C99, there has to be at least one argument for every ...
in a variadic function-like macro. In practice most (all?) compilers also
allow to leave it completely out, but it is nevertheless required: In a
variadic macro "there shall be more arguments in the invocation than there
are parameters in the macro definition (excluding the ...)." (C99,
6.10.3.4).

CBS (not the framework itself, but the macros used in the
cbs_*_syntax_template.c files) relies on the compiler allowing to leave
a variadic macro argument out. This leads to warnings when compiling in
-pedantic mode, e.g. "warning: must specify at least one argument for
'...' parameter of variadic macro [-Wgnu-zero-variadic-macro-arguments]"
from Clang.

Most of these warnings can be easily avoided: The syntax_templates
mostly contain helper macros that expand to more complex variadic macros
and these helper macros often omit an argument for the .... Modifying
them to always expand to complex macros with an empty argument for the
... at the end fixes most of these warnings: The number of warnings went
down from 400 to 0 for cbs_av1, from 1114 to 32 for cbs_h2645, from 38 to
0 for cbs_jpeg, from 166 to 0 for cbs_mpeg2 and from 110 to 8 for cbs_vp9.

These eight remaining warnings for cbs_vp9 have been fixed by switching
to another macro in cbs_vp9_syntax_template: The fixed values for the
sync bytes as well as the trailing bits for byte-alignment are now read
via the fixed() macro (this also adds a check to ensure that trailing
bits are indeed zero as they have to be).

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-04-12 23:23:49 +02:00
Andreas Rheinhardt
66fac1ff7c avcodec/cbs_h2645: Treat slices without data as invalid
Slices that end after their header (meaning slices after the header
without any data before the rbsp_stop_one_bit or possibly without any
rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures
that one doesn't run into two asserts in cbs_h2645_write_slice_data().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-03-10 20:22:32 +01:00
Andreas Rheinhardt
8f701932b3 avcodec/cbs_h2645: Remove dead code to delete trailing zeroes
Trailing zeroes are already discarded when splitting a fragment, which
makes the code to remove them when decomposing slices dead code.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-03-10 20:22:32 +01:00
Mark Thompson
bf0ab6e9c4 lavc/cbs_h2645: Add missing newlines in log messages 2020-02-09 20:36:44 +00:00
Andriy Gelman
ad326379c6 lavc/h2645_parse: Don't automatically remove nuh_layer_id > 0 packets
HEVC standard supports multi-layer streams (ITU-T H.265 02/2018 Annex
F). Each NAL unit belongs to a particular layer defined by nuh_layer_id
in the header.

Currently, all NAL units that do not belong to a base layer are
automatically removed in ff_h2645_packet_split(). Some data may
therefore be lost when future filters/decoders are designed to support
multi-layer streams.

A better approach is to forward nuh_layer_id > 0 packets and let blocks
down the chain decide how to process them. The condition to remove
packets has been moved to hevcdec and cbs.

Found-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-01-17 17:43:52 -03:00
Michael Niedermayer
285138ef14 avcodec/cbs_h2645: Skip all 0 NAL units
Fixes: assertion failure
Fixes: 19286/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-5707990724509696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-01-11 23:31:18 +01:00
Andriy Gelman
02a83e26de lavc/cbs_h2645: Fix incorrect max size of nalu unit
In the worst case the startcode prefix has 4 bytes.

This fixes a trigerred assertion:
Assertion dp <= max_size failed at libavcodec/cbs_h2645.c:1451

Found-by:libFuzzer
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2019-12-06 15:05:56 -03:00
Andreas Rheinhardt
cda3e8ca04 avcodec/cbs: Fix potential overflow
The number of bits in a PutBitContext must fit into an int, yet nothing
guaranteed the size argument cbs_write_unit_data() uses in init_put_bits()
to be in the range 0..INT_MAX / 8. This has been changed.

Furthermore, the check 8 * data_size > data_bit_start that there is
data beyond the initial padding when writing mpeg2 or H.264/5 slices
could also overflow, so divide it by 8 to get an equivalent check
without this problem.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-17 23:31:45 +00:00
Andreas Rheinhardt
7c92eaace2 avcodec/cbs: Factor out common code for writing units
All cbs-functions to write units share a common pattern:
1. They check whether they have a write buffer (that is used to store
the unit's data until the needed size becomes known after writing the
unit when a dedicated buffer will be allocated).
2. They use this buffer for a PutBitContext.
3. The (codec-specific) writing takes place through the PutBitContext.
4. The return value is checked. AVERROR(ENOSPC) here always indicates
that the buffer was too small and leads to a reallocation of said
buffer.
5. The final buffer will be allocated and the data copied.

This commit factors this common code out in a single function in cbs.c.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-17 23:31:44 +00:00
Andreas Rheinhardt
f3333c3c67 avcodec/cbs_h2645: Fix potential out-of-bounds array access
The maximum allowed index for an array access is FF_ARRAY_ELEMS - 1; yet
the current code allowed FF_ARRAY_ELEMS. This wasn't dangerous in practice,
as parameter sets with invalid ids were already filtered out during
reading.

Found via PVS-Studio (see ticket #8156).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-09-29 17:48:38 +01:00
Andreas Rheinhardt
f83ac5fd79 avcodec/cbs_h264: Automatically free SEI payload on error
If adding an SEI message to an access unit fails, said SEI message was
not touched, so that the caller had to free any data associated with it
that might need to be freed. But given that ff_cbs_h264_add_sei_message
can simply call cbs_h264_free_sei_payload, one can easily free
the content of the SEI payload.

This fixes a memleak when inserting a user data unregistered string for
h264_metadata fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-09-24 15:54:31 +01:00
Thierry Foucu
a80fdbcf13 lavc/cbs_h2645: Use av_realloc instead of av_malloc
Follow the description of av_realloc, the memory needs to be allocated
by av_realloc.
2019-08-28 21:57:48 +02:00
Andreas Rheinhardt
ae49993ce6 cbs_h264: Improve adding SEI messages
Up until now, if an SEI messages was to be added to a fragment, it was
tried to add said SEI message to the first SEI NAL unit of the fragment
and if this SEI NAL unit already contained H264_NAL_SEI SEI messages (an
arbitrary limit imposed by cbs_h264), adding failed; if there was no SEI
NAL unit, a new one has been added.
With this commit, the fragment is searched for further NAL units to add
the SEI messages to. If all of them are full, a new SEI NAL unit is added.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-29 22:25:10 +01:00
Andreas Rheinhardt
4e7e30bbe0 cbs: Don't set AVBuffer's opaque
cbs is currently inconsistent regarding the opaque field that can be
used as a special argument to av_buffer_create in order to be used
during freeing the buffer: ff_cbs_alloc_unit_content and all the free
functions used name this parameter as if it should contain a pointer to
the unit whose content is about to be created; but both
ff_cbs_alloc_unit_content as well as ff_cbs_h264_add_sei_message
actually use a pointer to the CodedBitstreamContext as opaque. It should
actually be neither, because it is unneeded (as is evidenced by the fact
that none of the free functions use this pointer at all) and because it
ties the unit's content to the lifetime of other objects, although a
refcounted buffer is supposed to have its own lifetime that only ends
when its reference count reaches zero. This problem manifests itself in
the pointer becoming dangling.
The pointer to the unit can become dangling if another unit is added to
the fragment later as happens in the bitstream filters; in this case,
the pointer can point to the wrong unit (if the fragment's unit array
needn't be relocated) or it can point to where the array was earlier.
It can also become dangling if the unit's content is meant to survive
the resetting of the fragment it was originally read with. This applies
to the extradata of H.264 and HEVC.
The pointer to the context can become dangling if the context is closed
before the content is freed. Although this doesn't seem to happen right
now, it could happen, in particular if one uses different
CodedBitstreamContexts for in- and output.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-29 22:25:10 +01:00
Andreas Rheinhardt
b71a0367a6 cbs: Remove useless initializations
Up until now, a temporary variable was used and initialized every time a
value was read in CBS; if reading turned out to be successfull, this
value was overwritten (without having ever been looked at) with the
value read if reading was successfull; on failure the variable wasn't
touched either. Therefore these initializations can be and have been
removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-27 22:00:43 +01:00
James Almer
e460dcc832 avcodec/cbs_h265: add support for Alpha Channel Info SEI messages
As defined in sections F.14.2.8 and F.14.3.8

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-07-20 11:28:09 -03:00
Andreas Rheinhardt
d4035ca849 cbs_h2645: Fix infinite loop in more_rbsp_data
cbs_h2645_read_more_rbsp_data does not handle malformed input very well:
1. If there were <= 8 bits left in the bitreader, these bits were read
via show_bits. But show_bits requires the number of bits to be read to
be > 0 (internally it shifts by 32 - number of bits to be read which is
undefined behaviour if said number is zero; there is also an assert for
this, but it is only an av_assert2). Furthermore, in this case a shift
by -1 was performed which is of course undefined behaviour, too.
2. If there were > 0 and <= 8 bits left and all of them were zero
(this can only happen for defective input), it was reported that there
was further RBSP data.

This can lead to an infinite loop in H.265's cbs_h265_read_extension_data
corresponding to the [vsp]ps_extension_data_flag syntax elements. If the
relevant flag indicates the (potential) occurence of these syntax elements,
while all bits after this flag are zero, cbs_h2645_read_more_rbsp_data
always returns 1 on x86. Given that a checked bitstream reader is used,
we are also not "saved" by an overflow in the bitstream reader's index.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-20 12:48:18 +01:00
Andreas Rheinhardt
f83b46e218 configure, cbs_h2645: Remove unneeded golomb dependency
This has been forgotten in 44cde38c.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-08 22:59:41 +01:00
Andreas Rheinhardt
d9418aba66 cbs_h264, h264_metadata: Deleting SEI messages never fails
Given the recent changes to ff_cbs_delete_unit, it is no longer sensible
to use a return value for ff_cbs_h264_delete_sei_message; instead, use
asserts to ensure that the required conditions are met and remove the
callers' checks for the return value. Also, document said conditions.

An assert that is essentially equivalent to the one used in
ff_cbs_delete_unit has been removed, too.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-08 22:59:41 +01:00