Re: [FFmpeg-devel] [PATCH] lavc/vvc: Validate IBC block vector

Tue, 25 Jun 2024 10:05:34 -0700 

On 25/06/2024 15:19, Nuo Mi wrote:
> On Mon, Jun 24, 2024 at 9:31 PM Frank Plowman <p...@frankplowman.com> wrote:
> 
>> From H.266 (V3) (09/2023) p. 321:
>>
>> It is a requirement of bitstream conformance that the luma block
>> vector bvL shall obey the following constraints:
>> - CtbSizeY is greater than or equal to
>> ((yCb + (bvL[ 1 ] >> 4)) & (CtbSizeY − 1)) + cbHeight
>>
>> This patch checks this is true, which fixes crashes on fuzzed
>> bitstreams.
>>
>> Signed-off-by: Frank Plowman <p...@frankplowman.com>
>> ---
>>  libavcodec/vvc/intra.c  | 25 ++++++++++++++++++++++---
>>  libavcodec/vvc/thread.c |  4 +---
>>  2 files changed, 23 insertions(+), 6 deletions(-)
>>
>> diff --git a/libavcodec/vvc/intra.c b/libavcodec/vvc/intra.c
>> index f77a012f09..11371db797 100644
>> --- a/libavcodec/vvc/intra.c
>> +++ b/libavcodec/vvc/intra.c
>> @@ -624,15 +624,26 @@ static void intra_block_copy(const VVCLocalContext
>> *lc, const int c_idx)
>>      }
>>  }
>>
>> -static void vvc_predict_ibc(const VVCLocalContext *lc)
>> +static int vvc_predict_ibc(const VVCLocalContext *lc)
>>  {
>> -    const H266RawSPS *rsps = lc->fc->ps.sps->r;
>> +    const VVCFrameContext *fc = lc->fc;
>> +    const VVCSPS *sps         = lc->fc->ps.sps;
>> +    const H266RawSPS *rsps    = sps->r;
>> +    const CodingUnit *cu      = lc->cu;
>> +    const Mv *bv              = &cu->pu.mi.mv[L0][0];
>> +
>> +    if (sps->ctb_size_y < ((cu->y0 + (bv->y >> 4)) & (sps->ctb_size_y -
>> 1)) + cu->cb_height) {
>> +        av_log(fc->log_ctx, AV_LOG_ERROR, "IBC region spans multiple
>> CTBs.\n");
>> +        return AVERROR_INVALIDDATA;
>> +    }
> 
> Hi Frank,
> Thank you for the patch.
> Could we wrap it as a function and call it in ff_vvc_mvp_ibc and
> ff_vvc_luma_mv_merge_ibc?
> This will help us detect errors earlier.
> 

I agree that's a better place to do the check.  I didn't realise the
code paths were already so separate for IBC there.  v2 sent.

Cheers,
--
Frank
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to