[FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
Nuo Mi
nuomi2021 at gmail.com
Tue Jan 30 15:25:03 EET 2024
On Tue, Jan 30, 2024 at 9:13 PM Frank Plowman <post at frankplowman.com> wrote:
> On 30/01/2024 12:55, Frank Plowman wrote:
> > On 30/01/2024 12:31, Nuo Mi wrote:
> >
> >> On Tue, Jan 30, 2024 at 5:41 PM<post at frankplowman.com> wrote:
> >>> From: Frank Plowman<post at frankplowman.com>
> >>>
> >>> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
> >>> least one OLS specified by the VPS contains more than one layer," is
> >>> set if num_multi_layer_olss is non-zero.
> >>>
> >>> Fixes:
> >>>
> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
> >>>
> >>> Found-by: continuous fuzzing process
> >>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >>> Signed-off-by
> >>> <
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by
> >:
> >>> Frank Plowman<post at frankplowman.com>
> >>> ---
> >>> libavcodec/cbs_h266_syntax_template.c | 2 ++
> >>> 1 file changed, 2 insertions(+)
> >>>
> >>> diff --git a/libavcodec/cbs_h266_syntax_template.c
> >>> b/libavcodec/cbs_h266_syntax_template.c
> >>> index 2f3478e5e1..37dc3acba0 100644
> >>> --- a/libavcodec/cbs_h266_syntax_template.c
> >>> +++ b/libavcodec/cbs_h266_syntax_template.c
> >>> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
> >>> RWContext *rw,
> >>> num_multi_layer_olss++;
> >>> }
> >>> }
> >>> + if (!current->vps_each_layer_is_an_ols_flag &&
> >>> num_multi_layer_olss == 0)
> >>> + return AVERROR_INVALIDDATA;
> >>> }
> >> The specification does not provide information on how to obtain
> >> TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3.
> >> Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0,
> >> total_num_olss -
> >> 1)" is undefined.
> >> We'd better return a patch welcome error instead of printing a warning
> >> before vps_num_ptls_minus1 line
> >
> > This is the same behaviour James suggested in an earlier patch. The spec
> > says "decoders conforming to this version of this Specification shall
> > ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this
> > should be an error as the spec is unambiguous here. Perhaps we can
> > instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is
> > there some better way to ignore these OLSs?
>
> For reference, VTM's behaviour is the same as the current behaviour:
> TotalNumOlss is assumed to be 0 when ols_mode_idc, hence most of the
> remaining syntax elements in the VPS are not read as they are within
>
But once you read the vps_num_ptls_minus1, your behaviors are undefined.
because you do not know vps_num_ptls_minus1 should be less than
TotalNumOlss. and TotalNumOlss is undefined for ols_mode_idc == 3.
:)
>
> for (i = 0; i < total_num_olss; i++)
>
> loops or other loops with bounds derived from total_num_olss. On the
> other hand, VVdeC's behaviour is the same as you suggest: it throws an
> error if total_num_olss is 3.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
More information about the ffmpeg-devel
mailing list