[FFmpeg-cvslog] cbs_av1: Reject thirty-two zero bits in uvlc code

Mark Thompson git at videolan.org
Wed Jul 24 17:49:12 EEST 2024 

ffmpeg | branch: release/4.3 | Mark Thompson <sw at jkqxz.net> | Sun Oct 22 19:35:52 2023 +0100| [93c16626b5bddaabf883227efc8d2f02a2030d18] | committer: Michael Niedermayer

cbs_av1: Reject thirty-two zero bits in uvlc code

The spec allows at least thirty-two zero bits followed by a one to mean
2^32-1, with no constraint on the number of zeroes.  The libaom
reference decoder does not match this, instead reading thirty-two zeroes
but not the following one to mean 2^32-1.  These two interpretations are
incompatible and other implementations may follow one or the other.
Therefore reject thirty-two zeroes because the intended behaviour is not
clear.

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7110a36ba07f85ca2996d3b99898a4819e72d9bb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93c16626b5bddaabf883227efc8d2f02a2030d18
---

 libavcodec/cbs_av1.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
index 0adf83f770..3c24460ecf 100644
--- a/libavcodec/cbs_av1.c
+++ b/libavcodec/cbs_av1.c
@@ -36,7 +36,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
         position = get_bits_count(gbc);
 
     zeroes = 0;
-    while (1) {
+    while (zeroes < 32) {
         if (get_bits_left(gbc) < 1) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
                    "%s: bitstream ended.\n", name);
@@ -49,7 +49,18 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
     }
 
     if (zeroes >= 32) {
-        value = MAX_UINT_BITS(32);
+        // The spec allows at least thirty-two zero bits followed by a
+        // one to mean 2^32-1, with no constraint on the number of
+        // zeroes.  The libaom reference decoder does not match this,
+        // instead reading thirty-two zeroes but not the following one
+        // to mean 2^32-1.  These two interpretations are incompatible
+        // and other implementations may follow one or the other.
+        // Therefore we reject thirty-two zeroes because the intended
+        // behaviour is not clear.
+        av_log(ctx->log_ctx, AV_LOG_ERROR, "Thirty-two zero bits in "
+               "%s uvlc code: considered invalid due to conflicting "
+               "standard and reference decoder behaviour.\n", name);
+        return AVERROR_INVALIDDATA;
     } else {
         if (get_bits_left(gbc) < zeroes) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "

More information about the ffmpeg-cvslog mailing list