[FFmpeg-devel] Re: [PATCH] diracdec: check that block length is large enough

Wed, 06 May 2015 06:47:02 -0700 

On 06.05.2015 01:49, Michael Niedermayer wrote:
> On Tue, May 05, 2015 at 10:39:50PM +0200, Andreas Cadhalpun wrote:
>> +    if (s->plane[0].xblen >> s->chroma_x_shift <= 0 || s->plane[0].yblen >> 
>> s->chroma_y_shift <= 0) {
>> +        av_log(s->avctx, AV_LOG_ERROR, "Block length too small\n");
>> +        return -1;
>> +    }
> 
> a broader check is possible
> the spec says "Frame height shall be an integer multiple of picture chroma 
> height."
> in 10.5.1
> ive not found an equivalent for width but from rounding the chroma
> width down i doubt that the spec intends to allow non multiplies for
> the width

OK, new patch attached.

Best regards,
Andreas


>From 2269fc041c160a7e5acff6984186240f05d90bf0 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
Date: Wed, 6 May 2015 15:34:53 +0200
Subject: [PATCH] diracdec: check that block length is valid

In init_planes p->xblen and p->yblen are set to:
            p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
            p->yblen = s->plane[0].yblen >> s->chroma_y_shift;

These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
    av_assert2(start_x < end_x && block_w > 0);
    av_assert2(start_y < end_y && block_h > 0);

Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavcodec/diracdec.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index d452982..deb4b26 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -902,6 +902,14 @@ static int dirac_unpack_prediction_parameters(DiracContext *s)
     /*[DIRAC_STD] 11.2.4 motion_data_dimensions()
       Calculated in function dirac_unpack_block_motion_data */
 
+    if (s->plane[0].xblen % (1 << s->chroma_x_shift) != 0 ||
+        s->plane[0].yblen % (1 << s->chroma_y_shift) != 0 ||
+        !s->plane[0].xblen || !s->plane[0].yblen) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "invalid x/y block length (%d/%d) for x/y chroma shift (%d/%d)\n",
+               s->plane[0].xblen, s->plane[0].yblen, s->chroma_x_shift, s->chroma_y_shift);
+        return AVERROR_INVALIDDATA;
+    }
     if (!s->plane[0].xbsep || !s->plane[0].ybsep || s->plane[0].xbsep < s->plane[0].xblen/2 || s->plane[0].ybsep < s->plane[0].yblen/2) {
         av_log(s->avctx, AV_LOG_ERROR, "Block separation too small\n");
         return -1;
-- 
2.1.4


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to