diff options
Diffstat (limited to 'libavcodec/h264_ps.c')
-rw-r--r-- | libavcodec/h264_ps.c | 307 |
1 files changed, 195 insertions, 112 deletions
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index b3a0e8a..17bfa78 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -2,20 +2,20 @@ * H.26L/H.264/AVC/JVT/14496-10/... parameter set decoding * Copyright (c) 2003 Michael Niedermayer <michaelni@gmx.at> * - * This file is part of Libav. + * This file is part of FFmpeg. * - * Libav is free software; you can redistribute it and/or + * FFmpeg is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * - * Libav is distributed in the hope that it will be useful, + * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with Libav; if not, write to the Free Software + * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ @@ -28,39 +28,17 @@ #include <inttypes.h> #include "libavutil/imgutils.h" - -#include "golomb_legacy.h" #include "internal.h" #include "mathops.h" #include "avcodec.h" #include "h264data.h" #include "h264_ps.h" +#include "golomb.h" -#define MAX_LOG2_MAX_FRAME_NUM (12 + 4) #define MIN_LOG2_MAX_FRAME_NUM 4 #define EXTENDED_SAR 255 -static const AVRational pixel_aspect[17] = { - { 0, 1 }, - { 1, 1 }, - { 12, 11 }, - { 10, 11 }, - { 16, 11 }, - { 40, 33 }, - { 24, 11 }, - { 20, 11 }, - { 32, 11 }, - { 80, 33 }, - { 18, 11 }, - { 15, 11 }, - { 64, 33 }, - { 160, 99 }, - { 4, 3 }, - { 3, 2 }, - { 2, 1 }, -}; - static const uint8_t default_scaling4[2][16] = { { 6, 13, 20, 28, 13, 20, 28, 32, 20, 28, 32, 37, 28, 32, 37, 42 }, @@ -109,23 +87,20 @@ static const int level_max_dpb_mbs[][2] = { static void remove_pps(H264ParamSets *s, int id) { - if (s->pps_list[id] && s->pps == (const PPS*)s->pps_list[id]->data) - s->pps = NULL; av_buffer_unref(&s->pps_list[id]); } static void remove_sps(H264ParamSets *s, int id) { +#if 0 int i; if (s->sps_list[id]) { - if (s->sps == (SPS*)s->sps_list[id]->data) - s->sps = NULL; - /* drop all PPS that depend on this SPS */ for (i = 0; i < FF_ARRAY_ELEMS(s->pps_list); i++) if (s->pps_list[i] && ((PPS*)s->pps_list[i]->data)->sps_id == id) remove_pps(s, i); } +#endif av_buffer_unref(&s->sps_list[id]); } @@ -168,8 +143,8 @@ static inline int decode_vui_parameters(GetBitContext *gb, AVCodecContext *avctx if (aspect_ratio_idc == EXTENDED_SAR) { sps->sar.num = get_bits(gb, 16); sps->sar.den = get_bits(gb, 16); - } else if (aspect_ratio_idc < FF_ARRAY_ELEMS(pixel_aspect)) { - sps->sar = pixel_aspect[aspect_ratio_idc]; + } else if (aspect_ratio_idc < FF_ARRAY_ELEMS(ff_h264_pixel_aspect)) { + sps->sar = ff_h264_pixel_aspect[aspect_ratio_idc]; } else { av_log(avctx, AV_LOG_ERROR, "illegal aspect ratio\n"); return AVERROR_INVALIDDATA; @@ -210,15 +185,23 @@ static inline int decode_vui_parameters(GetBitContext *gb, AVCodecContext *avctx get_ue_golomb(gb); /* chroma_sample_location_type_bottom_field */ } + if (show_bits1(gb) && get_bits_left(gb) < 10) { + av_log(avctx, AV_LOG_WARNING, "Truncated VUI\n"); + return 0; + } + sps->timing_info_present_flag = get_bits1(gb); if (sps->timing_info_present_flag) { - sps->num_units_in_tick = get_bits_long(gb, 32); - sps->time_scale = get_bits_long(gb, 32); - if (!sps->num_units_in_tick || !sps->time_scale) { + unsigned num_units_in_tick = get_bits_long(gb, 32); + unsigned time_scale = get_bits_long(gb, 32); + if (!num_units_in_tick || !time_scale) { av_log(avctx, AV_LOG_ERROR, - "time_scale/num_units_in_tick invalid or unsupported (%"PRIu32"/%"PRIu32")\n", - sps->time_scale, sps->num_units_in_tick); - return AVERROR_INVALIDDATA; + "time_scale/num_units_in_tick invalid or unsupported (%u/%u)\n", + time_scale, num_units_in_tick); + sps->timing_info_present_flag = 0; + } else { + sps->num_units_in_tick = num_units_in_tick; + sps->time_scale = time_scale; } sps->fixed_frame_rate_flag = get_bits1(gb); } @@ -235,7 +218,8 @@ static inline int decode_vui_parameters(GetBitContext *gb, AVCodecContext *avctx sps->vcl_hrd_parameters_present_flag) get_bits1(gb); /* low_delay_hrd_flag */ sps->pic_struct_present_flag = get_bits1(gb); - + if (!get_bits_left(gb)) + return 0; sps->bitstream_restriction_flag = get_bits1(gb); if (sps->bitstream_restriction_flag) { get_bits1(gb); /* motion_vectors_over_pic_boundaries_flag */ @@ -260,16 +244,11 @@ static inline int decode_vui_parameters(GetBitContext *gb, AVCodecContext *avctx return AVERROR_INVALIDDATA; } } - if (get_bits_left(gb) < 0) { - av_log(avctx, AV_LOG_ERROR, - "Overread VUI by %d bits\n", -get_bits_left(gb)); - return AVERROR_INVALIDDATA; - } return 0; } -static void decode_scaling_list(GetBitContext *gb, uint8_t *factors, int size, +static int decode_scaling_list(GetBitContext *gb, uint8_t *factors, int size, const uint8_t *jvt_list, const uint8_t *fallback_list) { @@ -279,18 +258,26 @@ static void decode_scaling_list(GetBitContext *gb, uint8_t *factors, int size, memcpy(factors, fallback_list, size * sizeof(uint8_t)); else for (i = 0; i < size; i++) { - if (next) - next = (last + get_se_golomb(gb)) & 0xff; + if (next) { + int v = get_se_golomb(gb); + if (v < -128 || v > 127) { + av_log(NULL, AV_LOG_ERROR, "delta scale %d is invalid\n", v); + return AVERROR_INVALIDDATA; + } + next = (last + v) & 0xff; + } if (!i && !next) { /* matrix not written, we use the preset one */ memcpy(factors, jvt_list, size * sizeof(uint8_t)); break; } last = factors[scan[i]] = next ? next : last; } + return 0; } -static void decode_scaling_matrices(GetBitContext *gb, SPS *sps, - PPS *pps, int is_sps, +/* returns non zero if the provided SPS scaling matrix has been filled */ +static int decode_scaling_matrices(GetBitContext *gb, const SPS *sps, + const PPS *pps, int is_sps, uint8_t(*scaling_matrix4)[16], uint8_t(*scaling_matrix8)[64]) { @@ -301,37 +288,69 @@ static void decode_scaling_matrices(GetBitContext *gb, SPS *sps, fallback_sps ? sps->scaling_matrix8[0] : default_scaling8[0], fallback_sps ? sps->scaling_matrix8[3] : default_scaling8[1] }; + int ret = 0; if (get_bits1(gb)) { - sps->scaling_matrix_present |= is_sps; - decode_scaling_list(gb, scaling_matrix4[0], 16, default_scaling4[0], fallback[0]); // Intra, Y - decode_scaling_list(gb, scaling_matrix4[1], 16, default_scaling4[0], scaling_matrix4[0]); // Intra, Cr - decode_scaling_list(gb, scaling_matrix4[2], 16, default_scaling4[0], scaling_matrix4[1]); // Intra, Cb - decode_scaling_list(gb, scaling_matrix4[3], 16, default_scaling4[1], fallback[1]); // Inter, Y - decode_scaling_list(gb, scaling_matrix4[4], 16, default_scaling4[1], scaling_matrix4[3]); // Inter, Cr - decode_scaling_list(gb, scaling_matrix4[5], 16, default_scaling4[1], scaling_matrix4[4]); // Inter, Cb + ret |= decode_scaling_list(gb, scaling_matrix4[0], 16, default_scaling4[0], fallback[0]); // Intra, Y + ret |= decode_scaling_list(gb, scaling_matrix4[1], 16, default_scaling4[0], scaling_matrix4[0]); // Intra, Cr + ret |= decode_scaling_list(gb, scaling_matrix4[2], 16, default_scaling4[0], scaling_matrix4[1]); // Intra, Cb + ret |= decode_scaling_list(gb, scaling_matrix4[3], 16, default_scaling4[1], fallback[1]); // Inter, Y + ret |= decode_scaling_list(gb, scaling_matrix4[4], 16, default_scaling4[1], scaling_matrix4[3]); // Inter, Cr + ret |= decode_scaling_list(gb, scaling_matrix4[5], 16, default_scaling4[1], scaling_matrix4[4]); // Inter, Cb if (is_sps || pps->transform_8x8_mode) { - decode_scaling_list(gb, scaling_matrix8[0], 64, default_scaling8[0], fallback[2]); // Intra, Y + ret |= decode_scaling_list(gb, scaling_matrix8[0], 64, default_scaling8[0], fallback[2]); // Intra, Y + ret |= decode_scaling_list(gb, scaling_matrix8[3], 64, default_scaling8[1], fallback[3]); // Inter, Y if (sps->chroma_format_idc == 3) { - decode_scaling_list(gb, scaling_matrix8[1], 64, default_scaling8[0], scaling_matrix8[0]); // Intra, Cr - decode_scaling_list(gb, scaling_matrix8[2], 64, default_scaling8[0], scaling_matrix8[1]); // Intra, Cb - } - decode_scaling_list(gb, scaling_matrix8[3], 64, default_scaling8[1], fallback[3]); // Inter, Y - if (sps->chroma_format_idc == 3) { - decode_scaling_list(gb, scaling_matrix8[4], 64, default_scaling8[1], scaling_matrix8[3]); // Inter, Cr - decode_scaling_list(gb, scaling_matrix8[5], 64, default_scaling8[1], scaling_matrix8[4]); // Inter, Cb + ret |= decode_scaling_list(gb, scaling_matrix8[1], 64, default_scaling8[0], scaling_matrix8[0]); // Intra, Cr + ret |= decode_scaling_list(gb, scaling_matrix8[4], 64, default_scaling8[1], scaling_matrix8[3]); // Inter, Cr + ret |= decode_scaling_list(gb, scaling_matrix8[2], 64, default_scaling8[0], scaling_matrix8[1]); // Intra, Cb + ret |= decode_scaling_list(gb, scaling_matrix8[5], 64, default_scaling8[1], scaling_matrix8[4]); // Inter, Cb } } + if (!ret) + ret = is_sps; } + + return ret; +} + +void ff_h264_ps_uninit(H264ParamSets *ps) +{ + int i; + + for (i = 0; i < MAX_SPS_COUNT; i++) + av_buffer_unref(&ps->sps_list[i]); + + for (i = 0; i < MAX_PPS_COUNT; i++) + av_buffer_unref(&ps->pps_list[i]); + + av_buffer_unref(&ps->sps_ref); + av_buffer_unref(&ps->pps_ref); + + ps->pps = NULL; + ps->sps = NULL; } int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, - H264ParamSets *ps) + H264ParamSets *ps, int ignore_truncation) { AVBufferRef *sps_buf; int profile_idc, level_idc, constraint_set_flags = 0; unsigned int sps_id; int i, log2_max_frame_num_minus4; SPS *sps; + int ret; + + sps_buf = av_buffer_allocz(sizeof(*sps)); + if (!sps_buf) + return AVERROR(ENOMEM); + sps = (SPS*)sps_buf->data; + + sps->data_size = gb->buffer_end - gb->buffer; + if (sps->data_size > sizeof(sps->data)) { + av_log(avctx, AV_LOG_DEBUG, "Truncating likely oversized SPS\n"); + sps->data_size = sizeof(sps->data); + } + memcpy(sps->data, gb->buffer, sps->data_size); profile_idc = get_bits(gb, 8); constraint_set_flags |= get_bits1(gb) << 0; // constraint_set0_flag @@ -346,23 +365,20 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, if (sps_id >= MAX_SPS_COUNT) { av_log(avctx, AV_LOG_ERROR, "sps_id %u out of range\n", sps_id); - return AVERROR_INVALIDDATA; + goto fail; } - sps_buf = av_buffer_allocz(sizeof(*sps)); - if (!sps_buf) - return AVERROR(ENOMEM); - sps = (SPS*)sps_buf->data; - sps->sps_id = sps_id; sps->time_offset_length = 24; sps->profile_idc = profile_idc; sps->constraint_set_flags = constraint_set_flags; sps->level_idc = level_idc; + sps->full_range = -1; memset(sps->scaling_matrix4, 16, sizeof(sps->scaling_matrix4)); memset(sps->scaling_matrix8, 16, sizeof(sps->scaling_matrix8)); sps->scaling_matrix_present = 0; + sps->colorspace = 2; //AVCOL_SPC_UNSPECIFIED if (sps->profile_idc == 100 || // High profile sps->profile_idc == 110 || // High10 profile @@ -376,12 +392,16 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, sps->profile_idc == 138 || // Multiview Depth High profile (MVCD) sps->profile_idc == 144) { // old High444 profile sps->chroma_format_idc = get_ue_golomb_31(gb); - if (sps->chroma_format_idc > 3) { + if (sps->chroma_format_idc > 3U) { avpriv_request_sample(avctx, "chroma_format_idc %u", sps->chroma_format_idc); goto fail; } else if (sps->chroma_format_idc == 3) { sps->residual_color_transform_flag = get_bits1(gb); + if (sps->residual_color_transform_flag) { + av_log(avctx, AV_LOG_ERROR, "separate color planes are not supported\n"); + goto fail; + } } sps->bit_depth_luma = get_ue_golomb(gb) + 8; sps->bit_depth_chroma = get_ue_golomb(gb) + 8; @@ -390,9 +410,18 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, "Different chroma and luma bit depth"); goto fail; } + if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 14 || + sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 14) { + av_log(avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n", + sps->bit_depth_luma, sps->bit_depth_chroma); + goto fail; + } sps->transform_bypass = get_bits1(gb); - decode_scaling_matrices(gb, sps, NULL, 1, - sps->scaling_matrix4, sps->scaling_matrix8); + ret = decode_scaling_matrices(gb, sps, NULL, 1, + sps->scaling_matrix4, sps->scaling_matrix8); + if (ret < 0) + goto fail; + sps->scaling_matrix_present |= ret; } else { sps->chroma_format_idc = 1; sps->bit_depth_luma = 8; @@ -412,7 +441,12 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, sps->poc_type = get_ue_golomb_31(gb); if (sps->poc_type == 0) { // FIXME #define - sps->log2_max_poc_lsb = get_ue_golomb(gb) + 4; + unsigned t = get_ue_golomb(gb); + if (t>12) { + av_log(avctx, AV_LOG_ERROR, "log2_max_poc_lsb (%d) is out of range\n", t); + goto fail; + } + sps->log2_max_poc_lsb = t + 4; } else if (sps->poc_type == 1) { // FIXME #define sps->delta_pic_order_always_zero_flag = get_bits1(gb); sps->offset_for_non_ref_pic = get_se_golomb(gb); @@ -434,6 +468,8 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, } sps->ref_frame_count = get_ue_golomb_31(gb); + if (avctx->codec_tag == MKTAG('S', 'M', 'V', '2')) + sps->ref_frame_count = FFMAX(2, sps->ref_frame_count); if (sps->ref_frame_count > MAX_DELAYED_PIC_COUNT) { av_log(avctx, AV_LOG_ERROR, "too many reference frames %d\n", sps->ref_frame_count); @@ -445,12 +481,17 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, sps->frame_mbs_only_flag = get_bits1(gb); - if (sps->mb_height >= INT_MAX / 2) { + if (sps->mb_height >= INT_MAX / 2U) { av_log(avctx, AV_LOG_ERROR, "height overflow\n"); goto fail; } sps->mb_height *= 2 - sps->frame_mbs_only_flag; + if (!sps->frame_mbs_only_flag) + sps->mb_aff = get_bits1(gb); + else + sps->mb_aff = 0; + if ((unsigned)sps->mb_width >= INT_MAX / 16 || (unsigned)sps->mb_height >= INT_MAX / 16 || av_image_check_size(16 * sps->mb_width, @@ -459,17 +500,7 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, goto fail; } - if (!sps->frame_mbs_only_flag) - sps->mb_aff = get_bits1(gb); - else - sps->mb_aff = 0; - sps->direct_8x8_inference_flag = get_bits1(gb); - if (!sps->frame_mbs_only_flag && !sps->direct_8x8_inference_flag) { - av_log(avctx, AV_LOG_ERROR, - "This stream was generated by a broken encoder, invalid 8x8 inference\n"); - goto fail; - } #ifndef ALLOW_INTERLACE if (sps->mb_aff) @@ -482,6 +513,8 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, unsigned int crop_right = get_ue_golomb(gb); unsigned int crop_top = get_ue_golomb(gb); unsigned int crop_bottom = get_ue_golomb(gb); + int width = 16 * sps->mb_width; + int height = 16 * sps->mb_height; if (avctx->flags2 & AV_CODEC_FLAG2_IGNORE_CROP) { av_log(avctx, AV_LOG_DEBUG, "discarding sps cropping, original " @@ -499,16 +532,15 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, int step_x = 1 << hsub; int step_y = (2 - sps->frame_mbs_only_flag) << vsub; - if (INT_MAX / step_x <= crop_left || - INT_MAX / step_x - crop_left <= crop_right || - 16 * sps->mb_width <= step_x * (crop_left + crop_right) || - INT_MAX / step_y <= crop_top || - INT_MAX / step_y - crop_top <= crop_bottom || - 16 * sps->mb_height <= step_y * (crop_top + crop_bottom)) { - av_log(avctx, AV_LOG_WARNING, "Invalid crop parameters\n"); - if (avctx->err_recognition & AV_EF_EXPLODE) - goto fail; - crop_left = crop_right = crop_top = crop_bottom = 0; + if (crop_left > (unsigned)INT_MAX / 4 / step_x || + crop_right > (unsigned)INT_MAX / 4 / step_x || + crop_top > (unsigned)INT_MAX / 4 / step_y || + crop_bottom> (unsigned)INT_MAX / 4 / step_y || + (crop_left + crop_right ) * step_x >= width || + (crop_top + crop_bottom) * step_y >= height + ) { + av_log(avctx, AV_LOG_ERROR, "crop values invalid %d %d %d %d / %d %d\n", crop_left, crop_right, crop_top, crop_bottom, width, height); + goto fail; } sps->crop_left = crop_left * step_x; @@ -527,7 +559,14 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, sps->vui_parameters_present_flag = get_bits1(gb); if (sps->vui_parameters_present_flag) { int ret = decode_vui_parameters(gb, avctx, sps); - if (ret < 0 && avctx->err_recognition & AV_EF_EXPLODE) + if (ret < 0) + goto fail; + } + + if (get_bits_left(gb) < 0) { + av_log(avctx, ignore_truncation ? AV_LOG_WARNING : AV_LOG_ERROR, + "Overread %s by %d bits\n", sps->vui_parameters_present_flag ? "VUI" : "SPS", -get_bits_left(gb)); + if (!ignore_truncation) goto fail; } @@ -551,7 +590,7 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, if (avctx->debug & FF_DEBUG_PICT_INFO) { static const char csp[4][5] = { "Gray", "420", "422", "444" }; av_log(avctx, AV_LOG_DEBUG, - "sps:%u profile:%d/%d poc:%d ref:%d %dx%d %s %s crop:%u/%u/%u/%u %s %s %"PRId32"/%"PRId32"\n", + "sps:%u profile:%d/%d poc:%d ref:%d %dx%d %s %s crop:%u/%u/%u/%u %s %s %"PRId32"/%"PRId32" b%d reo:%d\n", sps_id, sps->profile_idc, sps->level_idc, sps->poc_type, sps->ref_frame_count, @@ -563,7 +602,10 @@ int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx, sps->vui_parameters_present_flag ? "VUI" : "", csp[sps->chroma_format_idc], sps->timing_info_present_flag ? sps->num_units_in_tick : 0, - sps->timing_info_present_flag ? sps->time_scale : 0); + sps->timing_info_present_flag ? sps->time_scale : 0, + sps->bit_depth_luma, + sps->bitstream_restriction_flag ? sps->num_reorder_frames : -1 + ); } /* check if this is a repeat of an already parsed SPS, then keep the @@ -641,6 +683,8 @@ static void init_dequant_tables(PPS *pps, const SPS *sps) { int i, x; init_dequant4_coeff_table(pps, sps); + memset(pps->dequant8_coeff, 0, sizeof(pps->dequant8_coeff)); + if (pps->transform_8x8_mode) init_dequant8_coeff_table(pps, sps); if (sps->transform_bypass) { @@ -663,11 +707,25 @@ static void build_qp_table(PPS *pps, int t, int index, const int depth) ff_h264_chroma_qp[depth - 8][av_clip(i + index, 0, max_qp)]; } +static int more_rbsp_data_in_pps(const SPS *sps, void *logctx) +{ + int profile_idc = sps->profile_idc; + + if ((profile_idc == 66 || profile_idc == 77 || + profile_idc == 88) && (sps->constraint_set_flags & 7)) { + av_log(logctx, AV_LOG_VERBOSE, + "Current profile doesn't provide more RBSP data in PPS, skipping\n"); + return 0; + } + + return 1; +} + int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avctx, H264ParamSets *ps, int bit_length) { AVBufferRef *pps_buf; - SPS *sps; + const SPS *sps; unsigned int pps_id = get_ue_golomb(gb); PPS *pps; int qp_bd_offset; @@ -684,6 +742,15 @@ int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avct return AVERROR(ENOMEM); pps = (PPS*)pps_buf->data; + pps->data_size = gb->buffer_end - gb->buffer; + if (pps->data_size > sizeof(pps->data)) { + av_log(avctx, AV_LOG_DEBUG, "Truncating likely oversized PPS " + "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n", + pps->data_size, sizeof(pps->data)); + pps->data_size = sizeof(pps->data); + } + memcpy(pps->data, gb->buffer, pps->data_size); + pps->sps_id = get_ue_golomb_31(gb); if ((unsigned)pps->sps_id >= MAX_SPS_COUNT || !ps->sps_list[pps->sps_id]) { @@ -691,11 +758,17 @@ int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avct ret = AVERROR_INVALIDDATA; goto fail; } - sps = (SPS*)ps->sps_list[pps->sps_id]->data; - - if (sps->bit_depth_luma > 10) { - avpriv_report_missing_feature(avctx, "Luma bit depth=%d (max=10)", - sps->bit_depth_luma); + sps = (const SPS*)ps->sps_list[pps->sps_id]->data; + if (sps->bit_depth_luma > 14) { + av_log(avctx, AV_LOG_ERROR, + "Invalid luma bit depth=%d\n", + sps->bit_depth_luma); + ret = AVERROR_INVALIDDATA; + goto fail; + } else if (sps->bit_depth_luma == 11 || sps->bit_depth_luma == 13) { + avpriv_report_missing_feature(avctx, + "Unimplemented luma bit depth=%d", + sps->bit_depth_luma); ret = AVERROR_PATCHWELCOME; goto fail; } @@ -719,9 +792,14 @@ int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avct pps->weighted_pred = get_bits1(gb); pps->weighted_bipred_idc = get_bits(gb, 2); - pps->init_qp = get_se_golomb(gb) + 26 + qp_bd_offset; - pps->init_qs = get_se_golomb(gb) + 26 + qp_bd_offset; + pps->init_qp = get_se_golomb(gb) + 26U + qp_bd_offset; + pps->init_qs = get_se_golomb(gb) + 26U + qp_bd_offset; pps->chroma_qp_index_offset[0] = get_se_golomb(gb); + if (pps->chroma_qp_index_offset[0] < -12 || pps->chroma_qp_index_offset[0] > 12) { + ret = AVERROR_INVALIDDATA; + goto fail; + } + pps->deblocking_filter_parameters_present = get_bits1(gb); pps->constrained_intra_pred = get_bits1(gb); pps->redundant_pic_cnt_present = get_bits1(gb); @@ -733,13 +811,18 @@ int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avct sizeof(pps->scaling_matrix8)); bits_left = bit_length - get_bits_count(gb); - if (bits_left && (bits_left > 8 || - show_bits(gb, bits_left) != 1 << (bits_left - 1))) { + if (bits_left > 0 && more_rbsp_data_in_pps(sps, avctx)) { pps->transform_8x8_mode = get_bits1(gb); - decode_scaling_matrices(gb, sps, pps, 0, + ret = decode_scaling_matrices(gb, sps, pps, 0, pps->scaling_matrix4, pps->scaling_matrix8); + if (ret < 0) + goto fail; // second_chroma_qp_index_offset pps->chroma_qp_index_offset[1] = get_se_golomb(gb); + if (pps->chroma_qp_index_offset[1] < -12 || pps->chroma_qp_index_offset[1] > 12) { + ret = AVERROR_INVALIDDATA; + goto fail; + } } else { pps->chroma_qp_index_offset[1] = pps->chroma_qp_index_offset[0]; } |