[FFmpeg-devel] [PATCH] avcodec/hevc_ps: improve check for missing default display window bitstream

Michael Niedermayer michael at niedermayer.cc
Tue Sep 12 01:52:53 EEST 2017


On Thu, Sep 07, 2017 at 09:49:54PM -0300, James Almer wrote:
> Fixes ticket #6644
> 
> Signed-off-by: James Almer <jamrial at gmail.com>
> ---
>  libavcodec/hevc_ps.c | 33 +++++++++++++++++++++++++++------
>  1 file changed, 27 insertions(+), 6 deletions(-)
> 
> diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> index ee31cc093c..eb104ca1b9 100644
> --- a/libavcodec/hevc_ps.c
> +++ b/libavcodec/hevc_ps.c
> @@ -550,7 +550,7 @@ err:
>  static void decode_vui(GetBitContext *gb, AVCodecContext *avctx,
>                         int apply_defdispwin, HEVCSPS *sps)
>  {
> -    VUI *vui          = &sps->vui;
> +    VUI backup_vui, *vui = &sps->vui;
>      GetBitContext backup;
>      int sar_present, alt = 0;
>  
> @@ -618,13 +618,14 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx,
>      vui->field_seq_flag                = get_bits1(gb);
>      vui->frame_field_info_present_flag = get_bits1(gb);
>  
> +    // Backup context in case an alternate header is detected
> +    memcpy(&backup, gb, sizeof(backup));
> +    memcpy(&backup_vui, vui, sizeof(backup_vui));
>      if (get_bits_left(gb) >= 68 && show_bits_long(gb, 21) == 0x100000) {
>          vui->default_display_window_flag = 0;
>          av_log(avctx, AV_LOG_WARNING, "Invalid default display window\n");
>      } else
>          vui->default_display_window_flag = get_bits1(gb);
> -    // Backup context in case an alternate header is detected
> -    memcpy(&backup, gb, sizeof(backup));
>  
>      if (vui->default_display_window_flag) {
>          int vert_mult  = 1 + (sps->chroma_format_idc < 2);
> @@ -651,18 +652,19 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx,
>          }
>      }
>  
> +timing_info:
>      vui->vui_timing_info_present_flag = get_bits1(gb);
>  
>      if (vui->vui_timing_info_present_flag) {
> -        if( get_bits_left(gb) < 66) {
> +        if( get_bits_left(gb) < 66 && !alt) {
>              // The alternate syntax seem to have timing info located
>              // at where def_disp_win is normally located
>              av_log(avctx, AV_LOG_WARNING,
>                     "Strange VUI timing information, retrying...\n");
> -            vui->default_display_window_flag = 0;
> -            memset(&vui->def_disp_win, 0, sizeof(vui->def_disp_win));
> +            memcpy(vui, &backup_vui, sizeof(backup_vui));
>              memcpy(gb, &backup, sizeof(backup));
>              alt = 1;
> +            goto timing_info;
>          }
>          vui->vui_num_units_in_tick               = get_bits_long(gb, 32);
>          vui->vui_time_scale                      = get_bits_long(gb, 32);
> @@ -680,6 +682,15 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx,
>  
>      vui->bitstream_restriction_flag = get_bits1(gb);
>      if (vui->bitstream_restriction_flag) {
> +        if (get_bits_left(gb) < 8 && !alt) {
> +            av_log(avctx, AV_LOG_WARNING,
> +                   "Strange VUI bitstream restriction information, retrying"
> +                   " from timing information...\n");
> +            memcpy(vui, &backup_vui, sizeof(backup_vui));
> +            memcpy(gb, &backup, sizeof(backup));
> +            alt = 1;
> +            goto timing_info;
> +        }
>          vui->tiles_fixed_structure_flag              = get_bits1(gb);
>          vui->motion_vectors_over_pic_boundaries_flag = get_bits1(gb);
>          vui->restricted_ref_pic_lists_flag           = get_bits1(gb);
> @@ -689,6 +700,16 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx,
>          vui->log2_max_mv_length_horizontal           = get_ue_golomb_long(gb);
>          vui->log2_max_mv_length_vertical             = get_ue_golomb_long(gb);
>      }
> +
> +    if (get_bits_left(gb) < 1 && !alt) {
> +        // XXX: Alternate syntax when sps_range_extension_flag != 0?
> +        av_log(avctx, AV_LOG_WARNING,
> +               "Overread in VUI, retrying from timing information...\n");
> +        memcpy(vui, &backup_vui, sizeof(backup_vui));
> +        memcpy(gb, &backup, sizeof(backup));
> +        alt = 1;
> +        goto timing_info;
> +    }
>  }

the duplicated code is a bit ugly, but the change itself should be ok

thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship naturally arises out of democracy, and the most aggravated
form of tyranny and slavery out of the most extreme liberty. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170912/e2f45e62/attachment.sig>


More information about the ffmpeg-devel mailing list