1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

102 Commits

Author SHA1 Message Date
Andreas Rheinhardt
2d5407d390 avcodec/golomb: Document return value of get_ue_golomb_31 on error
get_ue_golomb_31() reads nine bits and an array with 512 entries to
parse golomb codes. The longest golomb codes that fit into 9 bits use
four leading zeroes and five value bits and can encode numbers in the
0..30 range. 31 meanwhile is encoded on 11 bits and if the nine bits
read coincide with the first nine bits of the encoding of 31,
get_ue_golomb_31() returns 31 (and skips 11 bits).

But looking at the first nine bits only makes it impossible to distinguish
31 from 32..34. Therefore the documentation of get_ue_golomb_31() simply
states that the return value is undefined if the value of the encountered
exp golomb code was outside the 0..31 range.

But actually get_ue_golomb_31() does not behave that bad: If the returned
value is in the range of 0..30, then this is the actually encountered value,
so that this function can be used without any problems to parse and validate
parameters whose legal values are a subset of the 0..30 range.

This commit documents this fact.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-29 05:06:35 +02:00
Andreas Rheinhardt
69636b443c avcodec/golomb: Prevent shift by negative number
This happened in get_ue_golomb() if the cached bitstream reader was in
use, because there was no check to handle the case of the read value
not being in the supported range.
For consistency with the uncached bitstream reader and for compliance
with the documentation, every value not in the 0-8190 range is treated as
error although the cached bitstream reader could actually read values in
the range 0..65534 without problems.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-29 04:58:48 +02:00
Andreas Rheinhardt
39c4b78829 avcodec/golomb: Don't emit error message in get_ue_golomb
Said error message is not very informative and lacked a proper logging
context; furthermore, many callers already provided more descriptive
error messages of their own. So just drop this one.

Suggested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-07-28 11:34:38 +02:00
Michael Niedermayer
79d5d79f38 avcodec: Replace show_bits_long() by show_bits() where possible
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
1bb3b3f11c avcodec/golomb: Correct the doxy about get_ue_golomb() and errors
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:56:29 +02:00
Michael Niedermayer
6b4c9854da avcodec/golomb: Speed up long ur_golomb codes
Fixes: Timeout
Fixes: 10972/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5707569640243200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-13 22:28:12 +01:00
James Almer
9305bdc68f avcodec/get_bits: actually make cached reader correctly disabled 2018-08-30 22:47:31 +02:00
Paul B Mahol
ca079b0954 avcodec/get_bits: add cached bitstream reader
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2018-08-30 11:50:23 +02:00
Jun Zhao
e61abe2d73 lavc/golobm: Add set_ue_golomb_long to support up to 2^32 -2.
add set_ue_golomb_long to support up to 2^32-2.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-24 22:17:15 +02:00
Jun Zhao
ea1d07aed9 lavc/golomb: add value range comment for set_ue_golomb().
set_ue_golomb just support 2^16 - 2 at most, becase this function call
put_bits, and put_bits just support write up to 31 bits, when write 32
bit in put_bits, it's will overwrite the bit buffer, and the default
assert level is 0, the av_assert2(n <= 31 && value < (1U << n)) in
put_bits can not be trigger runtime.

Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-23 13:03:20 +02:00
Michael Niedermayer
db93fd74e4 avcodec/golomb: Assert that the input is not too large in set_ue_golomb()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-13 04:17:13 +02:00
Michael Niedermayer
2752410c47 avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:49 +02:00
Michael Niedermayer
0884b1c5ff avcodec/golomb: Assert that k is valid in get_ur_golomb_jpegls()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 18:25:02 +02:00
Clément Bœsch
52e6fb9c59 Merge commit 'f7407f56cbf820a147bd77d728ac9a72c587cc56'
* commit 'f7407f56cbf820a147bd77d728ac9a72c587cc56':
  golomb: Replace __PRETTY_FUNCTION__ with __func__ for tracing

Merged-by: Clément Bœsch <u@pkh.me>
2017-04-01 11:26:23 +02:00
Clément Bœsch
01e188762f Merge commit '83b92a855e8e08bdec484e13ee5a7c8996224772'
* commit '83b92a855e8e08bdec484e13ee5a7c8996224772':
  golomb: Drop disabled cruft

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-19 16:12:41 +01:00
Michael Niedermayer
3ab1311aba avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()
Fixes slow loops on fuzzed data
Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-08 02:47:47 +01:00
Diego Biurrun
f7407f56cb golomb: Replace __PRETTY_FUNCTION__ with __func__ for tracing
The former is a GNU extension while the latter is C99.
2016-11-15 09:41:08 +01:00
Diego Biurrun
83b92a855e golomb: Drop disabled cruft 2016-08-17 12:22:29 +02:00
Hendrik Leppkes
b20fe650ef Merge commit '4024b566d664a4b161d677554be52f32e7ad4236'
* commit '4024b566d664a4b161d677554be52f32e7ad4236':
  golomb: Give svq3_get_se_golomb()/svq3_get_ue_golomb() better names

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2016-06-26 15:12:48 +02:00
Hendrik Leppkes
e2836397f1 Merge commit '52567e8198669a1e7493c75771613f87a90466c3'
* commit '52567e8198669a1e7493c75771613f87a90466c3':
  get_bits: Drop some TRACE-level debug code

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2016-06-26 14:19:48 +02:00
Diego Biurrun
4024b566d6 golomb: Give svq3_get_se_golomb()/svq3_get_ue_golomb() better names 2016-05-25 16:37:43 +02:00
Diego Biurrun
52567e8198 get_bits: Drop some TRACE-level debug code
It will not be provided by the new bit reader anyway.
2016-05-22 20:22:43 +02:00
Mark Harris
c51c08e0e7 avcodec: Use get_ue_golomb_long() when needed
get_ue_golomb() cannot decode values larger than 8190 (the maximum
value that can be golomb encoded in 25 bits) and produces the error
"Invalid UE golomb code" if a larger value is encountered.  Use
get_ue_golomb_long() instead (which supports 63 bits, up to 4294967294)
when valid h264/hevc values can exceed 8190.

This updates decoding of the following values:   (maximum)
  first_mb_in_slice                                36863* for level 5.2
  abs_diff_pic_num_minus1                         131071
  difference_of_pic_nums_minus1                   131071
  idr_pic_id                                       65535
  recovery_frame_cnt                               65535
  frame_packing_arrangement_id                4294967294
  frame_packing_arrangement_repetition_period      16384
  display_orientation_repetition_period            16384

An alternative would be to modify get_ue_golomb() to handle encoded
values of up to 49 bits as was done for get_se_golomb() in a92816c.
In that case get_ue_golomb() could continue to be used for all of
these except frame_packing_arrangement_id.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-12-29 13:11:51 +01:00
Andreas Cadhalpun
22e960ad47 golomb: always check for invalid UE golomb codes in get_ue_golomb
Also correct the check to reject log < 7, because UPDATE_CACHE only
guarantees 25 meaningful bits.

This fixes undefined behavior:
runtime error: shift exponent is negative

Testing with START/STOP timers in get_ue_golomb, one for the first
branch (A) and one for the second (B), shows that there is practically no
slowdown, e.g. for the cavs decoder:

With the check in the B branch:
    629 decicycles in get_ue_golomb B, 4194260 runs,     44 skips
    433 decicycles in get_ue_golomb A,268434102 runs,   1354 skips

Without the check:
    624 decicycles in get_ue_golomb B, 4194273 runs,     31 skips
    433 decicycles in get_ue_golomb A,268434203 runs,   1253 skips

Since the B branch is executed far less often than the A branch, this
change is negligible, even more so for the h264 decoder, where the ratio
B/A is a lot smaller.

Fixes: mozilla bug 1230239
Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit

Found-by: Tyson Smith
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-12-14 20:51:39 +01:00
Michael Niedermayer
d0ac2f59aa avcodec/golomb: Remove disabled and broken code
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-19 03:25:53 +02:00
Michael Niedermayer
14c4b25158 avcodec/golomb: fix reading huge signed rice golomb values
No testcase is known, nor any case where such huge values would occur

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-17 19:36:38 +02:00
Michael Niedermayer
c720b9ce98 avcodec/golomb: get_ur_golomb_jpegls: Fix reading huge k values
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-17 19:36:32 +02:00
James Almer
ba625dd8a1 avcodec: use av_mod_uintp2() where useful
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
2015-04-21 22:41:20 -03:00
Michael Niedermayer
8617bc6ffa avcodec/golomb: Fix undefined shifts in unsigned rice decoding code
Found-by: Clang -fsanitize=shift
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 16:47:13 +01:00
Zeng Zhaoxiu
02fc168c93 avcodec/golomb: cleanup
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-07 20:18:32 +01:00
zhaoxiu.zeng
b11a187575 avcodec/golomb: simplify sign conversion
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 00:41:45 +01:00
Michael Niedermayer
b0ae362a21 avcodec/golomb: use NULL for pointers instead of 0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-05 20:27:04 +01:00
Michael Niedermayer
9e59a7be1c Merge commit '91d305790ea0f6fe0f54b48236da42181c39c18b'
* commit '91d305790ea0f6fe0f54b48236da42181c39c18b':
  get_bits: Rename HAVE_BITS_REMAINING --> BITS_AVAILABLE

Conflicts:
	libavcodec/golomb.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-02 22:18:12 +02:00
Diego Biurrun
91d305790e get_bits: Rename HAVE_BITS_REMAINING --> BITS_AVAILABLE
The HAVE_ prefix is reserved for macros set by configure.
2014-09-02 13:10:38 +02:00
Michael Niedermayer
30e159366e Merge remote-tracking branch 'qatar/master'
* qatar/master:
  golomb: Fix the implementation of get_se_golomb_long

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-30 03:03:28 +02:00
Martin Storsjö
508a84e672 golomb: Fix the implementation of get_se_golomb_long
This was only used in hevc muxing code so far.

This makes the return values match what get_se_golomb returns for
the same bitstream reader instances.

The logic for producing a signed golomb code out of an unsigned one
was based on the corresponding code in get_se_golomb, which operated
directly on the bitstream reader buffer - not on the equivalent
return value from get_ue_golomb.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-03-30 00:28:27 +02:00
Michael Niedermayer
d79d5aed6d Merge commit '5eacbb53289570834f9a1acb15fd406ea224eef6'
* commit '5eacbb53289570834f9a1acb15fd406ea224eef6':
  golomb: Add a get_se_golomb_long

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-10 22:33:32 +01:00
Luca Barbato
5eacbb5328 golomb: Add a get_se_golomb_long
Useful in libavformat mostly.
2014-03-10 10:58:37 +01:00
Michael Niedermayer
caac12bd49 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  golomb: reduce scope of a few variables

Conflicts:
	libavcodec/golomb.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-24 10:44:42 +02:00
Vittorio Giovara
fb13fe8342 golomb: reduce scope of a few variables
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2013-10-24 02:04:34 +02:00
Michael Niedermayer
02a31f6a74 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  golomb: K&R formatting cosmetics

Conflicts:
	libavcodec/golomb.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-23 19:45:07 +02:00
Vittorio Giovara
2c993e8b5e golomb: K&R formatting cosmetics
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2013-10-23 13:17:23 +02:00
Michael Niedermayer
a92816c4eb get_se_golomb: fix decoding of very large values
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-09 01:17:41 +01:00
Michael Niedermayer
fd165ace7b golomb: check log validity before shifting
Fixes invalid right shift in fate-cavs

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-18 15:41:32 +01:00
Michael Niedermayer
5c076205a6 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  golomb: use unsigned arithmetics in svq3_get_ue_golomb()
  x86: float_dsp: fix loading of the len parameter on x86-32
  takdec: fix initialisation of LOCAL_ALIGNED array
  takdec: fix initialisation of LOCAL_ALIGNED array

Conflicts:
	libavcodec/rv30.c
	libavcodec/svq3.c
	libavcodec/takdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-08 16:36:47 +01:00
Janne Grunau
9a2e79116d golomb: use unsigned arithmetics in svq3_get_ue_golomb()
This prevents undefined behaviour of signed left shift if the coded
value is larger than 2^31. Large values are most likely invalid and
caused errors or by feeding random.

Validate every use of svq3_get_ue_golomb() and changed the place there
the return value was compared with negative numbers. dirac.c was clean,
fixed rv30 and svq3.
2012-12-08 12:55:10 +01:00
Michael Niedermayer
31ab1575e5 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  avcodec: Convert some commented-out printf/av_log instances to av_dlog
  avcodec: Drop silly and/or broken printf debug output
  avcodec: Drop some silly commented-out av_log() invocations
  avformat: Convert some commented-out printf/av_log instances to av_dlog
  avformat: Remove non-compiling and/or silly commented-out printf/av_log statements
  Remove some silly disabled code.
  ac3dec: ensure get_buffer() gets a buffer for the correct number of channels

Conflicts:
	libavcodec/dnxhddec.c
	libavcodec/ffv1.c
	libavcodec/h264.c
	libavcodec/h264_parser.c
	libavcodec/mjpegdec.c
	libavcodec/motion_est_template.c
	libavcodec/mpegaudiodec.c
	libavcodec/mpegvideo_enc.c
	libavcodec/put_bits.h
	libavcodec/ratecontrol.c
	libavcodec/wmaenc.c
	libavdevice/timefilter.c
	libavformat/asfdec.c
	libavformat/avidec.c
	libavformat/avienc.c
	libavformat/flvenc.c
	libavformat/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-01 16:12:38 +02:00
Diego Biurrun
6f6b0311a3 avcodec: Drop some silly commented-out av_log() invocations 2012-10-01 10:24:28 +02:00
Michael Niedermayer
2acb5cd907 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  libopus: Remap channels using libopus' internal remapping.
  Opus decoder using libopus
  avcodec: document the use of AVCodecContext.delay for audio decoding
  vc1dec: add flush function for WMV9 and VC-1 decoders
  http: Increase buffer sizes to cope with longer URIs
  nutenc: const correctness for ff_put_v_trace/put_s_trace function arguments
  h264_refs: Fix debug tprintf argument types
  golomb: const correctness for get_ue()/get_se() function arguments
  get_bits: const correctness for get_bits_trace()/get_xbits_trace() arguments

Conflicts:
	Changelog
	libavcodec/Makefile
	libavcodec/version.h
	libavformat/http.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-09-28 13:54:40 +02:00
Diego Biurrun
80412997c8 golomb: const correctness for get_ue()/get_se() function arguments 2012-09-27 19:10:10 +02:00