On Sun, May 26, 2024 at 5:16 PM Frank Plowman <p...@frankplowman.com> wrote:
> Per VVCv3 p. 157, the collocated reference picture used in temporal
> motion vector prediction must have RprConstraintsActiveFlag equal to
> zero and the same CTU size as the current picture. Add these checks,
> fixing crashes decoding some fuzzed bitstreams.
>
> Additionally, only set up the collocated reference picture if it is
> actually going to be used (i.e. if ph_temporal_mvp_enabled_flag is 1),
> else legal RPR bitstreams will fail the new checks.
>
Applied, thank you, Frank.
>
> Co-authored-by: Nuo Mi <nuomi2...@gmail.com>
> Signed-off-by: Frank Plowman <p...@frankplowman.com>
> ---
> libavcodec/vvc/refs.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/libavcodec/vvc/refs.c b/libavcodec/vvc/refs.c
> index fb42963034..8b7ba639a3 100644
> --- a/libavcodec/vvc/refs.c
> +++ b/libavcodec/vvc/refs.c
> @@ -506,9 +506,14 @@ int ff_vvc_slice_rpl(VVCContext *s, VVCFrameContext
> *fc, SliceContext *sc)
> return ret;
> }
> }
> - if ((!rsh->sh_collocated_from_l0_flag) == lx &&
> - rsh->sh_collocated_ref_idx < rpl->nb_refs)
> - fc->ref->collocated_ref =
> rpl->refs[rsh->sh_collocated_ref_idx].ref;
> + if (ph->r->ph_temporal_mvp_enabled_flag &&
> + (!rsh->sh_collocated_from_l0_flag) == lx &&
> + rsh->sh_collocated_ref_idx < rpl->nb_refs) {
> + const VVCRefPic *refp = rpl->refs +
> rsh->sh_collocated_ref_idx;
> + if (refp->is_scaled || refp->ref->sps->ctb_log2_size_y !=
> sps->ctb_log2_size_y)
> + return AVERROR_INVALIDDATA;
> + fc->ref->collocated_ref = refp->ref;
> + }
> }
> return 0;
> }
> --
> 2.44.0
>
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
