[FFmpeg-devel] Abort early on decode_slice error

Michael Niedermayer michael at niedermayer.cc
Sat Feb 3 22:00:36 EET 2018


On Sat, Feb 03, 2018 at 02:29:00AM -0800, Xiaohan Wang (王消寒) wrote:
> 

>  h264_slice.c |   17 ++++++++++++++++-
>  1 file changed, 16 insertions(+), 1 deletion(-)
> 7fc1e8d4e0df4223089d2466c5a76b12a9171003  0001-ffmpeg-Abort-early-on-decode_slice-error.patch
> From 971866f88bba20d7e2a993b1125bde6a8a5228d9 Mon Sep 17 00:00:00 2001
> From: Xiaohan Wang <xhwang at chromium.org>
> Date: Sat, 3 Feb 2018 01:43:35 -0800
> Subject: [PATCH] ffmpeg: Abort early on decode_slice error
> 
> When decode_slice() fails, it is possible that ff_h264_decode_mb_cavlc()
> failed due to wrong sl->qscale values, e.g. dquant out of range. In this
> case, we should abort early instead of continue. Otherwise, we could be
> using the wrong sl->qscale and cause access violations.
> 
> BUG=806122
> ---
>  libavcodec/h264_slice.c | 17 ++++++++++++++++-
>  1 file changed, 16 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
> index e6b7998834..a638414688 100644
> --- a/libavcodec/h264_slice.c
> +++ b/libavcodec/h264_slice.c
> @@ -2734,6 +2734,7 @@ int ff_h264_execute_decode_slices(H264Context *h)
>      H264SliceContext *sl;
>      int context_count = h->nb_slice_ctx_queued;
>      int ret = 0;
> +    int *ret_array = NULL;
>      int i, j;
>  
>      h->slice_ctx[0].next_slice_idx = INT_MAX;
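Review bot: ret_array is declared at function scope as a heap pointer initialised to NULL, and the second hunk allocates it on every call that reaches avctx->execute(), yet no release appears in the quoted lines. Every exit path, including both new `goto finish` jumps, should end in a single av_freep(&ret_array) at the finish label; the NULL initialiser makes that safe when the allocation was never reached.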
> @@ -2776,8 +2777,21 @@ int ff_h264_execute_decode_slices(H264Context *h)
>              sl->next_slice_idx = next_slice_idx;
>          }
>  
> +        ret_array = av_malloc_array(context_count, sizeof(int));
> +        if (!ret_array) {
> +            ret = AVERROR(ENOMEM);
> +            goto finish;
> +        }
> +
>          avctx->execute(avctx, decode_slice, h->slice_ctx,
> -                       NULL, context_count, sizeof(h->slice_ctx[0]));
> +                       ret_array, context_count, sizeof(h->slice_ctx[0]));
> +
> +        for (i = 0; i < context_count; i++) {
> +            if (ret_array[i] < 0) {
> +                ret = ret_array[i];
> +                goto finish;
> +            }
> +        }
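Review bot: In the loop over ret_array after avctx->execute(), the `goto finish` on the first negative entry bypasses everything between that loop and the finish label, and it does so for every context, including those whose ret_array[i] is non-negative. Consider recording the first error in ret and letting the existing post-execute handling run, returning the error afterwards, so that one failing slice does not discard the work done for the slices that decoded correctly. The commit message names an out-of-range dquant leaving a wrong sl->qscale as the trigger; validating or resetting sl->qscale at the point where that failure is detected would address the access violation without changing the control flow here.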

This will break error concealment, as it skips some of the code
used for it.
It also would skip loop filtering of the correctly decoded slices
in some cases.


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope