1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

103 Commits

Author SHA1 Message Date
Andreas Rheinhardt
ab2173c0a5 avcodec/cbs_h2645: Avoid function pointer casts, fix UB
The SEI message read/write functions are called
via function pointers where the SEI message-specific
context is passed as void*. But the actual function
definitions use a pointer to their proper context
in place of void*, making the calls undefined behaviour.
Clang UBSan 17 warns about this.

This commit fixes this by adding wrapper functions
(created via macros) that have the right type that
call the actual functions. This reduced the number of failing
FATE tests with UBSan from 164 to 85 here.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-02-25 13:42:47 +01:00
Frank Plowman
0c517fcbe8 lavc/vvc: Fix emulation prevention byte handling
nal->skipped_bytes_pos contains the positions of errors relative to the
start of the slice header, whereas the position they were tested against
is relative to the start of the slice data, i.e. one byte after the end
of the slice header.

Patch fixes this by storing the size of the slice header in H266RawSlice
and adding it to the position given by the GetBitContext before
comparing to skipped_bytes_pos.  This fixes AVERROR_INVALIDDATAs for
various valid bitstreams, such as the LMCS_B_Dolby_2 conformance
bitstream.

Signed-off-by: Frank Plowman <post@frankplowman.com>
2024-01-27 11:29:40 -03:00
Andreas Rheinhardt
3f890fbfd9 avcodec/cbs_h2645: Fix leak of SPS VUI extension data
Fixes: VUI extension leak
Fixes: 63004/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4928832253329408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-11-04 01:27:41 +01:00
Michael Niedermayer
61b86add52
avcodec/cbs_h2645: Fix showing bits at the end in cbs_read_se_golomb()
Fixes: Assertion n>0 && n<=25 failed at libavcodec/get_bits.h:375
Fixes: 62618/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-5145745046765568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-16 01:14:09 +02:00
Michael Niedermayer
75eb698bdc
avcodec/cbs_h2645: Fix showing bits at the end in cbs_read_ue_golomb()
Fixes: Assertion n>0 && n<=25 failed at libavcodec/get_bits.h:375
Fixes: 62617/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5156555663998976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-16 01:14:08 +02:00
Andreas Rheinhardt
3ba4f9c21e avcodec/cbs_sei: Use RefStruct API for SEI messages
The SEI message code uses the AVBuffer API for its SEI messages
and contained buffers (like the extension buffer for HEVC
or the user data (un)registered payload buffers).

Contrary to the ordinary CBS code (where some of these
contained buffer references are actually references
to the provided AVPacket's data so that one can't replace
them with the RefStruct API), the CBS SEI code never uses
outside buffers at all and can therefore be switched entirely
to the RefStruct API. This avoids the overhead inherent
in the AVBuffer API (namely the separate allocations etc.).

Notice that the refcounting here is actually currently unused;
the refcounts are always one (or zero in case of no refcounting);
its only advantage is the flexibility provided by custom
free functions.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-07 22:35:14 +02:00
Andreas Rheinhardt
3e9b8d14e5 avcodec/cbs: Use RefStruct-API for unit content
This avoids allocations and error checks etc. as well
as duplicate pointer lists in the CodedBitstreamFooContexts.
It also avoids casting const away for use as opaque,
as the RefStruct API supports const opaques.

The fact that some of the units are not refcounted
(i.e. they are sometimes part of an encoding context
like VAAPIEncodeH264Context) meant that CodedBitstreamUnit
still contains two pointers, one to the content
and another ownership pointer, replacing the AVBufferRef* pointer.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-07 22:35:05 +02:00
Mark Thompson
abe16daea1 cbs: Make tracing more general
Turn tracing into callbacks for each syntax element, with default
callbacks to match current trace_headers behaviour for debug.  Move
the construction of bit strings into the trace callback, which
simplifies all of the read and write functions.

Signed-off-by: Fei Wang <fei.w.wang@intel.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
2023-09-22 13:15:00 +08:00
Andreas Rheinhardt
a105b11a9d avcodec/cbs: Add specialization for ff_cbs_(read|write)_unsigned()
These functions allow not only to read and write unsigned values,
but also to check ranges and to emit trace output which can be
beautified when processing arrays (indices like "[i]" are replaced
by their actual numbers).

Yet lots of callers actually only need something simpler:
Their range is only implicitly restricted by the amount
of bits used and they are not part of arrays, hence don't
need this beautification.

This commit adds specializations for these callers;
this is very beneficial size-wise (it reduced the size
of .text by 23312 bytes here), as a call is now cheaper.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-07-30 21:36:31 +02:00
Michael Niedermayer
0ba719f726
avcodec/cbs_h2645: Avoid an unchecked bytesteram read
The unchecked read caused the 2nd subsequent tell call to move backward resulting
in a negative length

Fixes: assertion failure
Fixes: 60276/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5434126636023808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-07-25 23:17:29 +02:00
James Almer
68e9d2835f avcodec/cbs_h266: add support for Adaptation parameter set NALU type
Reviewed-by: Nuo Mi <nuomi2021@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2023-07-06 11:43:13 -03:00
James Almer
8995e2f77e avcodec/cbs_h266: add support for Decoding capability information NALU type
Signed-off-by: James Almer <jamrial@gmail.com>
2023-07-05 18:18:33 -03:00
James Almer
6cb57bb457 avcodec/cbs_h266: add support for Operating point information NALU type
Signed-off-by: James Almer <jamrial@gmail.com>
2023-07-05 18:18:33 -03:00
James Almer
995976750a avcodec/cbs_h2645: fix parsing and storing Picture Header references in the context
Signed-off-by: James Almer <jamrial@gmail.com>
2023-06-30 08:26:38 -03:00
Nuo Mi
dfc62fd1c6 avcodec/cbs: add cbs implementation for H266/VVC
Add CodedBitstreamContext to parse VPS,SPS,PPS in VVC nal units.
Implement parsing and writing of SPS,PPS,VPS,PH,AUD,SEI and slices.
Add ff_cbs_type_h266 to cbs types tables and AV_CODEC_ID_H266
to cbs codec ids.

Co-authored-by: Thomas Siedel <thomas.ff@spin-digital.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2023-06-29 14:12:50 -03:00
Zhao Zhili
4144584010 avcodec/cbs_h2645: add discard_unit implementation for H.265 2023-06-19 11:52:18 +08:00
Zhao Zhili
e7cde0cbd5 avcodec/cbs_h2645: add discarded_unit implementation for H.264 2023-06-19 11:52:18 +08:00
Jan Ekström
f4bebc0c34 avcodec/cbs_{h2645,sei}: add support for Ambient Viewing Environment SEI
Defined by H.274, this SEI message is utilized by iPhones to save
the nominal ambient viewing environment for the display of recorded
HDR content.
2023-01-13 20:53:02 +02:00
Andreas Rheinhardt
0d408f4013 avcodec/cbs_h2645: Remove always-false check
The functions to replace parameter sets are only called
after the respective parameter set has just been read or
has just been written; all of these functions check
that the id field is within the appropriate range.
So the checks in the replace-functions can be removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-08-08 11:29:34 +02:00
Andreas Rheinhardt
2ba04bafb4 avcodec/cbs: Remove ff_cbs_alloc_unit_content
It is no longer used.
Also rename ff_cbs_alloc_unit_content2 to ff_cbs_alloc_unit_content.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-08-08 11:29:33 +02:00
Andreas Rheinhardt
b37805ddbd avcodec/cbs_internal, cbs_h2645: Add and use new descriptor macros
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-08-08 11:29:33 +02:00
Andreas Rheinhardt
55c605f72c avcodec/cbs_h2645: Remove unnecessary (h264|hevc)_sei.h inclusions
They are unnecessary since the SEI enum has been moved
to sei.h.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-02 08:58:20 +02:00
Andreas Rheinhardt
66d7a21132 avcodec/cbs: Make ff_cbs_insert_unit_data() always append the new unit
All split functions (the only users of this function) only
append units.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-02-08 06:02:05 +01:00
James Almer
794e15fd54 cbs_h265: add support for Film Grain Characteristics SEI message
Signed-off-by: James Almer <jamrial@gmail.com>
2021-08-06 09:56:44 -03:00
James Almer
41d1dba4d2 cbs_h264: add support for Film Grain Characteristics SEI messages
Signed-off-by: James Almer <jamrial@gmail.com>
2021-07-23 11:05:04 -03:00
Mark Thompson
8843607f49 cbs_h2645: Merge SEI message handling in common between codecs 2021-01-21 17:13:54 +00:00
Mark Thompson
773857df59 hevc: Use common SEI types 2021-01-21 17:13:54 +00:00
Mark Thompson
64b3aac8d0 h264: Use common SEI types 2021-01-21 17:13:54 +00:00
Mark Thompson
4bf3384800 cbs_h2645: Merge SEI messages in common between codecs
Make a new template file for common SEI messages - this will also apply
to H.266.
2021-01-21 17:13:54 +00:00
Nuo Mi
2ad21ee9d4 avcodec/cbs_h2645: Move zero_byte check to its own function
Signed-off-by: Mark Thompson <sw@jkqxz.net>
2021-01-11 21:34:43 +00:00
James Almer
c35cf9fe53 avcodec/cbs_h2645: remove dead code in cbs_h2645_replace_ps()
Missed in 0720e15c03. PS units are now guaranteed
to always be reference counter.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-12-01 13:21:23 -03:00
James Almer
0c84253353 avcodec/cbs_h2645: implement CodedBitstreamType.flush() callbacks
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
Mark Thompson
e38646de1c cbs_h265: Use table-based alloc/free 2020-09-02 00:00:57 +01:00
Mark Thompson
0720e15c03 cbs_h2645: Ensure that non-refcounted parameter sets are fully copied
Only copying the main structure is not necessarily sufficient - there
could be references to substructures.
2020-09-02 00:00:57 +01:00
Mark Thompson
2cb152d52f cbs_h264: Use table-based alloc/free 2020-09-02 00:00:57 +01:00
Andreas Rheinhardt
1bdbc50bf4 avcodec/cbs: Remove unused function parameters
Several cbs-functions had an unused CodedBitstreamContext parameter.
This commit removes these.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-07 04:46:51 +02:00
James Almer
ef13fafe22 avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-14 16:42:04 -03:00
James Almer
3d51d3b42d avcodec/cbs_h265: add missing support for reserved_payload_extension_data SEI bits
Fixes ticket #8622

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-03 19:53:01 -03:00
James Almer
3a41bac4e2 avcodec/cbs_h265: move the payload_extension_present check into its own function
Will be reused in the following patch.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-03 19:53:01 -03:00
Andreas Rheinhardt
14dd0a9057 avcodec/cbs: Avoid leaving the ... out in calls to variadic macros
According to C99, there has to be at least one argument for every ...
in a variadic function-like macro. In practice most (all?) compilers also
allow to leave it completely out, but it is nevertheless required: In a
variadic macro "there shall be more arguments in the invocation than there
are parameters in the macro definition (excluding the ...)." (C99,
6.10.3.4).

CBS (not the framework itself, but the macros used in the
cbs_*_syntax_template.c files) relies on the compiler allowing to leave
a variadic macro argument out. This leads to warnings when compiling in
-pedantic mode, e.g. "warning: must specify at least one argument for
'...' parameter of variadic macro [-Wgnu-zero-variadic-macro-arguments]"
from Clang.

Most of these warnings can be easily avoided: The syntax_templates
mostly contain helper macros that expand to more complex variadic macros
and these helper macros often omit an argument for the .... Modifying
them to always expand to complex macros with an empty argument for the
... at the end fixes most of these warnings: The number of warnings went
down from 400 to 0 for cbs_av1, from 1114 to 32 for cbs_h2645, from 38 to
0 for cbs_jpeg, from 166 to 0 for cbs_mpeg2 and from 110 to 8 for cbs_vp9.

These eight remaining warnings for cbs_vp9 have been fixed by switching
to another macro in cbs_vp9_syntax_template: The fixed values for the
sync bytes as well as the trailing bits for byte-alignment are now read
via the fixed() macro (this also adds a check to ensure that trailing
bits are indeed zero as they have to be).

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-04-12 23:23:49 +02:00
Andreas Rheinhardt
66fac1ff7c avcodec/cbs_h2645: Treat slices without data as invalid
Slices that end after their header (meaning slices after the header
without any data before the rbsp_stop_one_bit or possibly without any
rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures
that one doesn't run into two asserts in cbs_h2645_write_slice_data().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-03-10 20:22:32 +01:00
Andreas Rheinhardt
8f701932b3 avcodec/cbs_h2645: Remove dead code to delete trailing zeroes
Trailing zeroes are already discarded when splitting a fragment, which
makes the code to remove them when decomposing slices dead code.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-03-10 20:22:32 +01:00
Mark Thompson
bf0ab6e9c4 lavc/cbs_h2645: Add missing newlines in log messages 2020-02-09 20:36:44 +00:00
Andriy Gelman
ad326379c6 lavc/h2645_parse: Don't automatically remove nuh_layer_id > 0 packets
HEVC standard supports multi-layer streams (ITU-T H.265 02/2018 Annex
F). Each NAL unit belongs to a particular layer defined by nuh_layer_id
in the header.

Currently, all NAL units that do not belong to a base layer are
automatically removed in ff_h2645_packet_split(). Some data may
therefore be lost when future filters/decoders are designed to support
multi-layer streams.

A better approach is to forward nuh_layer_id > 0 packets and let blocks
down the chain decide how to process them. The condition to remove
packets has been moved to hevcdec and cbs.

Found-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-01-17 17:43:52 -03:00
Michael Niedermayer
285138ef14 avcodec/cbs_h2645: Skip all 0 NAL units
Fixes: assertion failure
Fixes: 19286/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_REDUNDANT_PPS_fuzzer-5707990724509696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-01-11 23:31:18 +01:00
Andriy Gelman
02a83e26de lavc/cbs_h2645: Fix incorrect max size of nalu unit
In the worst case the startcode prefix has 4 bytes.

This fixes a trigerred assertion:
Assertion dp <= max_size failed at libavcodec/cbs_h2645.c:1451

Found-by:libFuzzer
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2019-12-06 15:05:56 -03:00
Andreas Rheinhardt
cda3e8ca04 avcodec/cbs: Fix potential overflow
The number of bits in a PutBitContext must fit into an int, yet nothing
guaranteed the size argument cbs_write_unit_data() uses in init_put_bits()
to be in the range 0..INT_MAX / 8. This has been changed.

Furthermore, the check 8 * data_size > data_bit_start that there is
data beyond the initial padding when writing mpeg2 or H.264/5 slices
could also overflow, so divide it by 8 to get an equivalent check
without this problem.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-17 23:31:45 +00:00
Andreas Rheinhardt
7c92eaace2 avcodec/cbs: Factor out common code for writing units
All cbs-functions to write units share a common pattern:
1. They check whether they have a write buffer (that is used to store
the unit's data until the needed size becomes known after writing the
unit when a dedicated buffer will be allocated).
2. They use this buffer for a PutBitContext.
3. The (codec-specific) writing takes place through the PutBitContext.
4. The return value is checked. AVERROR(ENOSPC) here always indicates
that the buffer was too small and leads to a reallocation of said
buffer.
5. The final buffer will be allocated and the data copied.

This commit factors this common code out in a single function in cbs.c.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-17 23:31:44 +00:00
Andreas Rheinhardt
f3333c3c67 avcodec/cbs_h2645: Fix potential out-of-bounds array access
The maximum allowed index for an array access is FF_ARRAY_ELEMS - 1; yet
the current code allowed FF_ARRAY_ELEMS. This wasn't dangerous in practice,
as parameter sets with invalid ids were already filtered out during
reading.

Found via PVS-Studio (see ticket #8156).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-09-29 17:48:38 +01:00
Andreas Rheinhardt
f83ac5fd79 avcodec/cbs_h264: Automatically free SEI payload on error
If adding an SEI message to an access unit fails, said SEI message was
not touched, so that the caller had to free any data associated with it
that might need to be freed. But given that ff_cbs_h264_add_sei_message
can simply call cbs_h264_free_sei_payload, one can easily free
the content of the SEI payload.

This fixes a memleak when inserting a user data unregistered string for
h264_metadata fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-09-24 15:54:31 +01:00