diff options
Diffstat (limited to 'libavcodec/hevc_ps.c')
-rw-r--r-- | libavcodec/hevc_ps.c | 453 |
1 files changed, 343 insertions, 110 deletions
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 2faee96bbf..d507c9ba8d 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -6,25 +6,24 @@ * Copyright (C) 2012 - 2013 Gildas Cocherel * Copyright (C) 2013 Vittorio Giovara * - * This file is part of Libav. + * This file is part of FFmpeg. * - * Libav is free software; you can redistribute it and/or + * FFmpeg is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * - * Libav is distributed in the hope that it will be useful, + * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with Libav; if not, write to the Free Software + * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "libavutil/imgutils.h" - #include "golomb.h" #include "hevc.h" @@ -88,6 +87,8 @@ static void remove_sps(HEVCParamSets *s, int id) for (i = 0; i < FF_ARRAY_ELEMS(s->pps_list); i++) if (s->pps_list[i] && ((HEVCPPS*)s->pps_list[i]->data)->sps_id == id) remove_pps(s, i); + + av_assert0(!(s->sps_list[id] && s->sps == (HEVCSPS*)s->sps_list[id]->data)); } av_buffer_unref(&s->sps_list[id]); } @@ -121,7 +122,8 @@ int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, if (rps_predict) { const ShortTermRPS *rps_ridx; - int delta_rps, abs_delta_rps; + int delta_rps; + unsigned abs_delta_rps; uint8_t use_delta_flag = 0; uint8_t delta_rps_sign; @@ -139,6 +141,12 @@ int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, delta_rps_sign = get_bits1(gb); abs_delta_rps = get_ue_golomb_long(gb) + 1; + if (abs_delta_rps < 1 || abs_delta_rps > 32768) { + av_log(avctx, AV_LOG_ERROR, + "Invalid value of abs_delta_rps: %d\n", + abs_delta_rps); + return AVERROR_INVALIDDATA; + } delta_rps = (1 - (delta_rps_sign << 1)) * abs_delta_rps; for (i = 0; i <= rps_ridx->num_delta_pocs; i++) { int used = rps->used[k] = get_bits1(gb); @@ -226,11 +234,14 @@ int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, } -static void decode_profile_tier_level(GetBitContext *gb, AVCodecContext *avctx, +static int decode_profile_tier_level(GetBitContext *gb, AVCodecContext *avctx, PTLCommon *ptl) { int i; + if (get_bits_left(gb) < 2+1+5 + 32 + 4 + 16 + 16 + 12) + return -1; + ptl->profile_space = get_bits(gb, 2); ptl->tier_flag = get_bits1(gb); ptl->profile_idc = get_bits(gb, 5); @@ -240,6 +251,8 @@ static void decode_profile_tier_level(GetBitContext *gb, AVCodecContext *avctx, av_log(avctx, AV_LOG_DEBUG, "Main 10 profile bitstream\n"); else if (ptl->profile_idc == FF_PROFILE_HEVC_MAIN_STILL_PICTURE) av_log(avctx, AV_LOG_DEBUG, "Main Still Picture profile bitstream\n"); + else if (ptl->profile_idc == FF_PROFILE_HEVC_REXT) + av_log(avctx, AV_LOG_DEBUG, "Range Extension profile bitstream\n"); else av_log(avctx, AV_LOG_WARNING, "Unknown HEVC profile: %d\n", ptl->profile_idc); @@ -253,28 +266,48 @@ static void decode_profile_tier_level(GetBitContext *gb, AVCodecContext *avctx, skip_bits(gb, 16); // XXX_reserved_zero_44bits[0..15] skip_bits(gb, 16); // XXX_reserved_zero_44bits[16..31] skip_bits(gb, 12); // XXX_reserved_zero_44bits[32..43] + + return 0; } -static void parse_ptl(GetBitContext *gb, AVCodecContext *avctx, +static int parse_ptl(GetBitContext *gb, AVCodecContext *avctx, PTL *ptl, int max_num_sub_layers) { int i; - decode_profile_tier_level(gb, avctx, &ptl->general_ptl); + if (decode_profile_tier_level(gb, avctx, &ptl->general_ptl) < 0 || + get_bits_left(gb) < 8 + 8*2) { + av_log(avctx, AV_LOG_ERROR, "PTL information too short\n"); + return -1; + } + ptl->general_ptl.level_idc = get_bits(gb, 8); for (i = 0; i < max_num_sub_layers - 1; i++) { ptl->sub_layer_profile_present_flag[i] = get_bits1(gb); ptl->sub_layer_level_present_flag[i] = get_bits1(gb); } - if (max_num_sub_layers - 1 > 0) + + if (max_num_sub_layers - 1> 0) for (i = max_num_sub_layers - 1; i < 8; i++) skip_bits(gb, 2); // reserved_zero_2bits[i] for (i = 0; i < max_num_sub_layers - 1; i++) { - if (ptl->sub_layer_profile_present_flag[i]) - decode_profile_tier_level(gb, avctx, &ptl->sub_layer_ptl[i]); - if (ptl->sub_layer_level_present_flag[i]) - ptl->sub_layer_ptl[i].level_idc = get_bits(gb, 8); + if (ptl->sub_layer_profile_present_flag[i] && + decode_profile_tier_level(gb, avctx, &ptl->sub_layer_ptl[i]) < 0) { + av_log(avctx, AV_LOG_ERROR, + "PTL information for sublayer %i too short\n", i); + return -1; + } + if (ptl->sub_layer_level_present_flag[i]) { + if (get_bits_left(gb) < 8) { + av_log(avctx, AV_LOG_ERROR, + "Not enough data for sublayer %i level_idc\n", i); + return -1; + } else + ptl->sub_layer_ptl[i].level_idc = get_bits(gb, 8); + } } + + return 0; } static void decode_sublayer_hrd(GetBitContext *gb, unsigned int nb_cpb, @@ -294,7 +327,7 @@ static void decode_sublayer_hrd(GetBitContext *gb, unsigned int nb_cpb, } } -static void decode_hrd(GetBitContext *gb, int common_inf_present, +static int decode_hrd(GetBitContext *gb, int common_inf_present, int max_sublayers) { int nal_params_present = 0, vcl_params_present = 0; @@ -340,14 +373,20 @@ static void decode_hrd(GetBitContext *gb, int common_inf_present, else low_delay = get_bits1(gb); - if (!low_delay) + if (!low_delay) { nb_cpb = get_ue_golomb_long(gb) + 1; + if (nb_cpb < 1 || nb_cpb > 32) { + av_log(NULL, AV_LOG_ERROR, "nb_cpb %d invalid\n", nb_cpb); + return AVERROR_INVALIDDATA; + } + } if (nal_params_present) decode_sublayer_hrd(gb, nb_cpb, subpic_params_present); if (vcl_params_present) decode_sublayer_hrd(gb, nb_cpb, subpic_params_present); } + return 0; } int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, @@ -390,7 +429,8 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, goto err; } - parse_ptl(gb, avctx, &vps->ptl, vps->vps_max_sub_layers); + if (parse_ptl(gb, avctx, &vps->ptl, vps->vps_max_sub_layers) < 0) + goto err; vps->vps_sub_layer_ordering_info_present_flag = get_bits1(gb); @@ -400,7 +440,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, vps->vps_num_reorder_pics[i] = get_ue_golomb_long(gb); vps->vps_max_latency_increase[i] = get_ue_golomb_long(gb) - 1; - if (vps->vps_max_dec_pic_buffering[i] > MAX_DPB_SIZE) { + if (vps->vps_max_dec_pic_buffering[i] > MAX_DPB_SIZE || !vps->vps_max_dec_pic_buffering[i]) { av_log(avctx, AV_LOG_ERROR, "vps_max_dec_pic_buffering_minus1 out of range: %d\n", vps->vps_max_dec_pic_buffering[i] - 1); goto err; @@ -415,6 +455,12 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, vps->vps_max_layer_id = get_bits(gb, 6); vps->vps_num_layer_sets = get_ue_golomb_long(gb) + 1; + if (vps->vps_num_layer_sets < 1 || vps->vps_num_layer_sets > 1024 || + (vps->vps_num_layer_sets - 1LL) * (vps->vps_max_layer_id + 1LL) > get_bits_left(gb)) { + av_log(avctx, AV_LOG_ERROR, "too many layer_id_included_flags\n"); + goto err; + } + for (i = 1; i < vps->vps_num_layer_sets; i++) for (j = 0; j <= vps->vps_max_layer_id; j++) skip_bits(gb, 1); // layer_id_included_flag[i][j] @@ -427,6 +473,11 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, if (vps->vps_poc_proportional_to_timing_flag) vps->vps_num_ticks_poc_diff_one = get_ue_golomb_long(gb) + 1; vps->vps_num_hrd_parameters = get_ue_golomb_long(gb); + if (vps->vps_num_hrd_parameters > (unsigned)vps->vps_num_layer_sets) { + av_log(avctx, AV_LOG_ERROR, + "vps_num_hrd_parameters %d is invalid\n", vps->vps_num_hrd_parameters); + goto err; + } for (i = 0; i < vps->vps_num_hrd_parameters; i++) { int common_inf_present = 1; @@ -438,6 +489,13 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, } get_bits1(gb); /* vps_extension_flag */ + if (get_bits_left(gb) < 0) { + av_log(avctx, AV_LOG_ERROR, + "Overread VPS by %d bits\n", -get_bits_left(gb)); + if (ps->vps_list[vps_id]) + goto err; + } + if (ps->vps_list[vps_id] && !memcmp(ps->vps_list[vps_id]->data, vps_buf->data, vps_buf->size)) { av_buffer_unref(&vps_buf); @@ -457,7 +515,8 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx, int apply_defdispwin, HEVCSPS *sps) { VUI *vui = &sps->vui; - int sar_present; + GetBitContext backup; + int sar_present, alt = 0; av_log(avctx, AV_LOG_DEBUG, "Decoding VUI\n"); @@ -510,7 +569,14 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx, vui->field_seq_flag = get_bits1(gb); vui->frame_field_info_present_flag = get_bits1(gb); - vui->default_display_window_flag = get_bits1(gb); + if (get_bits_left(gb) >= 68 && show_bits_long(gb, 21) == 0x100000) { + vui->default_display_window_flag = 0; + av_log(avctx, AV_LOG_WARNING, "Invalid default display window\n"); + } else + vui->default_display_window_flag = get_bits1(gb); + // Backup context in case an alternate header is detected + memcpy(&backup, gb, sizeof(backup)); + if (vui->default_display_window_flag) { //TODO: * 2 is only valid for 420 vui->def_disp_win.left_offset = get_ue_golomb_long(gb) * 2; @@ -536,9 +602,24 @@ static void decode_vui(GetBitContext *gb, AVCodecContext *avctx, } vui->vui_timing_info_present_flag = get_bits1(gb); + if (vui->vui_timing_info_present_flag) { + if( get_bits_left(gb) < 66) { + // The alternate syntax seem to have timing info located + // at where def_disp_win is normally located + av_log(avctx, AV_LOG_WARNING, + "Strange VUI timing information, retrying...\n"); + vui->default_display_window_flag = 0; + memset(&vui->def_disp_win, 0, sizeof(vui->def_disp_win)); + memcpy(gb, &backup, sizeof(backup)); + alt = 1; + } vui->vui_num_units_in_tick = get_bits_long(gb, 32); vui->vui_time_scale = get_bits_long(gb, 32); + if (alt) { + av_log(avctx, AV_LOG_INFO, "Retry got %i/%i fps\n", + vui->vui_time_scale, vui->vui_num_units_in_tick); + } vui->vui_poc_proportional_to_timing_flag = get_bits1(gb); if (vui->vui_poc_proportional_to_timing_flag) vui->vui_num_ticks_poc_diff_one_minus1 = get_ue_golomb_long(gb); @@ -583,19 +664,24 @@ static void set_default_scaling_list_data(ScalingList *sl) memcpy(sl->sl[2][4], default_scaling_list_inter, 64); memcpy(sl->sl[2][5], default_scaling_list_inter, 64); memcpy(sl->sl[3][0], default_scaling_list_intra, 64); - memcpy(sl->sl[3][1], default_scaling_list_inter, 64); + memcpy(sl->sl[3][1], default_scaling_list_intra, 64); + memcpy(sl->sl[3][2], default_scaling_list_intra, 64); + memcpy(sl->sl[3][3], default_scaling_list_inter, 64); + memcpy(sl->sl[3][4], default_scaling_list_inter, 64); + memcpy(sl->sl[3][5], default_scaling_list_inter, 64); } -static int scaling_list_data(GetBitContext *gb, AVCodecContext *avctx, ScalingList *sl) +static int scaling_list_data(GetBitContext *gb, AVCodecContext *avctx, ScalingList *sl, HEVCSPS *sps) { - uint8_t scaling_list_pred_mode_flag[4][6]; + uint8_t scaling_list_pred_mode_flag; int32_t scaling_list_dc_coef[2][6]; - int size_id, matrix_id, i, pos; + int size_id, matrix_id, pos; + int i; for (size_id = 0; size_id < 4; size_id++) - for (matrix_id = 0; matrix_id < (size_id == 3 ? 2 : 6); matrix_id++) { - scaling_list_pred_mode_flag[size_id][matrix_id] = get_bits1(gb); - if (!scaling_list_pred_mode_flag[size_id][matrix_id]) { + for (matrix_id = 0; matrix_id < 6; matrix_id += ((size_id == 3) ? 3 : 1)) { + scaling_list_pred_mode_flag = get_bits1(gb); + if (!scaling_list_pred_mode_flag) { unsigned int delta = get_ue_golomb_long(gb); /* Only need to handle non-zero delta. Zero means default, * which should already be in the arrays. */ @@ -639,26 +725,58 @@ static int scaling_list_data(GetBitContext *gb, AVCodecContext *avctx, ScalingLi } } + if (sps->chroma_format_idc == 3) { + for (i = 0; i < 64; i++) { + sl->sl[3][1][i] = sl->sl[2][1][i]; + sl->sl[3][2][i] = sl->sl[2][2][i]; + sl->sl[3][4][i] = sl->sl[2][4][i]; + sl->sl[3][5][i] = sl->sl[2][5][i]; + } + sl->sl_dc[1][1] = sl->sl_dc[0][1]; + sl->sl_dc[1][2] = sl->sl_dc[0][2]; + sl->sl_dc[1][4] = sl->sl_dc[0][4]; + sl->sl_dc[1][5] = sl->sl_dc[0][5]; + } + + return 0; } static int map_pixel_format(AVCodecContext *avctx, HEVCSPS *sps) { const AVPixFmtDescriptor *desc; - if (sps->chroma_format_idc == 1) { - switch (sps->bit_depth) { - case 8: sps->pix_fmt = AV_PIX_FMT_YUV420P; break; - case 9: sps->pix_fmt = AV_PIX_FMT_YUV420P9; break; - case 10: sps->pix_fmt = AV_PIX_FMT_YUV420P10; break; - default: - av_log(avctx, AV_LOG_ERROR, "Unsupported bit depth: %d\n", - sps->bit_depth); - return AVERROR_PATCHWELCOME; - } - } else { + switch (sps->bit_depth) { + case 8: + if (sps->chroma_format_idc == 0) sps->pix_fmt = AV_PIX_FMT_GRAY8; + if (sps->chroma_format_idc == 1) sps->pix_fmt = AV_PIX_FMT_YUV420P; + if (sps->chroma_format_idc == 2) sps->pix_fmt = AV_PIX_FMT_YUV422P; + if (sps->chroma_format_idc == 3) sps->pix_fmt = AV_PIX_FMT_YUV444P; + break; + case 9: + if (sps->chroma_format_idc == 0) sps->pix_fmt = AV_PIX_FMT_GRAY16; + if (sps->chroma_format_idc == 1) sps->pix_fmt = AV_PIX_FMT_YUV420P9; + if (sps->chroma_format_idc == 2) sps->pix_fmt = AV_PIX_FMT_YUV422P9; + if (sps->chroma_format_idc == 3) sps->pix_fmt = AV_PIX_FMT_YUV444P9; + break; + case 10: + if (sps->chroma_format_idc == 0) sps->pix_fmt = AV_PIX_FMT_GRAY16; + if (sps->chroma_format_idc == 1) sps->pix_fmt = AV_PIX_FMT_YUV420P10; + if (sps->chroma_format_idc == 2) sps->pix_fmt = AV_PIX_FMT_YUV422P10; + if (sps->chroma_format_idc == 3) sps->pix_fmt = AV_PIX_FMT_YUV444P10; + break; + case 12: + if (sps->chroma_format_idc == 0) sps->pix_fmt = AV_PIX_FMT_GRAY16; + if (sps->chroma_format_idc == 1) sps->pix_fmt = AV_PIX_FMT_YUV420P12; + if (sps->chroma_format_idc == 2) sps->pix_fmt = AV_PIX_FMT_YUV422P12; + if (sps->chroma_format_idc == 3) sps->pix_fmt = AV_PIX_FMT_YUV444P12; + break; + default: av_log(avctx, AV_LOG_ERROR, - "non-4:2:0 support is currently unspecified.\n"); - return AVERROR_PATCHWELCOME; + "4:2:0, 4:2:2, 4:4:4 supports are currently specified for 8, 10 and 12 bits.\n"); + av_log(avctx, AV_LOG_ERROR, + "chroma_format_idc is %d, depth is %d", + sps->chroma_format_idc, sps->bit_depth); + return AVERROR_INVALIDDATA; } desc = av_pix_fmt_desc_get(sps->pix_fmt); @@ -687,52 +805,46 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, sps->vps_id = get_bits(gb, 4); if (sps->vps_id >= MAX_VPS_COUNT) { av_log(avctx, AV_LOG_ERROR, "VPS id out of range: %d\n", sps->vps_id); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } if (vps_list && !vps_list[sps->vps_id]) { av_log(avctx, AV_LOG_ERROR, "VPS %d does not exist\n", sps->vps_id); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } sps->max_sub_layers = get_bits(gb, 3) + 1; if (sps->max_sub_layers > MAX_SUB_LAYERS) { av_log(avctx, AV_LOG_ERROR, "sps_max_sub_layers out of range: %d\n", sps->max_sub_layers); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } skip_bits1(gb); // temporal_id_nesting_flag - parse_ptl(gb, avctx, &sps->ptl, sps->max_sub_layers); + if ((ret = parse_ptl(gb, avctx, &sps->ptl, sps->max_sub_layers)) < 0) + return ret; *sps_id = get_ue_golomb_long(gb); if (*sps_id >= MAX_SPS_COUNT) { av_log(avctx, AV_LOG_ERROR, "SPS id out of range: %d\n", *sps_id); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } sps->chroma_format_idc = get_ue_golomb_long(gb); - if (sps->chroma_format_idc != 1) { - avpriv_report_missing_feature(avctx, "chroma_format_idc %d", - sps->chroma_format_idc); - ret = AVERROR_PATCHWELCOME; - goto err; - } if (sps->chroma_format_idc == 3) sps->separate_colour_plane_flag = get_bits1(gb); + if (sps->separate_colour_plane_flag) + sps->chroma_format_idc = 0; + sps->width = get_ue_golomb_long(gb); sps->height = get_ue_golomb_long(gb); if ((ret = av_image_check_size(sps->width, sps->height, 0, avctx)) < 0) - goto err; + return ret; if (get_bits1(gb)) { // pic_conformance_flag //TODO: * 2 is only valid for 420 @@ -760,26 +872,23 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, sps->bit_depth = get_ue_golomb_long(gb) + 8; bit_depth_chroma = get_ue_golomb_long(gb) + 8; - if (bit_depth_chroma != sps->bit_depth) { + if (sps->chroma_format_idc && bit_depth_chroma != sps->bit_depth) { av_log(avctx, AV_LOG_ERROR, "Luma bit depth (%d) is different from chroma bit depth (%d), " "this is unsupported.\n", sps->bit_depth, bit_depth_chroma); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } - ret = map_pixel_format(avctx, sps); if (ret < 0) - goto err; + return ret; sps->log2_max_poc_lsb = get_ue_golomb_long(gb) + 4; if (sps->log2_max_poc_lsb > 16) { av_log(avctx, AV_LOG_ERROR, "log2_max_pic_order_cnt_lsb_minus4 out range: %d\n", sps->log2_max_poc_lsb - 4); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } sublayer_ordering_info = get_bits1(gb); @@ -791,16 +900,14 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, if (sps->temporal_layer[i].max_dec_pic_buffering > MAX_DPB_SIZE) { av_log(avctx, AV_LOG_ERROR, "sps_max_dec_pic_buffering_minus1 out of range: %d\n", sps->temporal_layer[i].max_dec_pic_buffering - 1); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } if (sps->temporal_layer[i].num_reorder_pics > sps->temporal_layer[i].max_dec_pic_buffering - 1) { av_log(avctx, AV_LOG_WARNING, "sps_max_num_reorder_pics out of range: %d\n", sps->temporal_layer[i].num_reorder_pics); if (avctx->err_recognition & AV_EF_EXPLODE || sps->temporal_layer[i].num_reorder_pics > MAX_DPB_SIZE - 1) { - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } sps->temporal_layer[i].max_dec_pic_buffering = sps->temporal_layer[i].num_reorder_pics + 1; } @@ -821,11 +928,26 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, sps->log2_max_trafo_size = log2_diff_max_min_transform_block_size + sps->log2_min_tb_size; - if (sps->log2_min_tb_size >= sps->log2_min_cb_size) { + if (sps->log2_min_cb_size < 3 || sps->log2_min_cb_size > 30) { + av_log(avctx, AV_LOG_ERROR, "Invalid value %d for log2_min_cb_size", sps->log2_min_cb_size); + return AVERROR_INVALIDDATA; + } + + if (sps->log2_diff_max_min_coding_block_size > 30) { + av_log(avctx, AV_LOG_ERROR, "Invalid value %d for log2_diff_max_min_coding_block_size", sps->log2_diff_max_min_coding_block_size); + return AVERROR_INVALIDDATA; + } + + if (sps->log2_min_tb_size >= sps->log2_min_cb_size || sps->log2_min_tb_size < 2) { av_log(avctx, AV_LOG_ERROR, "Invalid value for log2_min_tb_size"); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; + } + + if (log2_diff_max_min_transform_block_size < 0 || log2_diff_max_min_transform_block_size > 30) { + av_log(avctx, AV_LOG_ERROR, "Invalid value %d for log2_diff_max_min_transform_block_size", log2_diff_max_min_transform_block_size); + return AVERROR_INVALIDDATA; } + sps->max_transform_hierarchy_depth_inter = get_ue_golomb_long(gb); sps->max_transform_hierarchy_depth_intra = get_ue_golomb_long(gb); @@ -834,9 +956,9 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, set_default_scaling_list_data(&sps->scaling_list); if (get_bits1(gb)) { - ret = scaling_list_data(gb, avctx, &sps->scaling_list); + ret = scaling_list_data(gb, avctx, &sps->scaling_list, sps); if (ret < 0) - goto err; + return ret; } } @@ -854,8 +976,7 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, av_log(avctx, AV_LOG_ERROR, "PCM bit depth (%d) is greater than normal bit depth (%d)\n", sps->pcm.bit_depth, sps->bit_depth); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } sps->pcm.loop_filter_disable_flag = get_bits1(gb); @@ -865,18 +986,22 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, if (sps->nb_st_rps > MAX_SHORT_TERM_RPS_COUNT) { av_log(avctx, AV_LOG_ERROR, "Too many short term RPS: %d.\n", sps->nb_st_rps); - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } for (i = 0; i < sps->nb_st_rps; i++) { if ((ret = ff_hevc_decode_short_term_rps(gb, avctx, &sps->st_rps[i], sps, 0)) < 0) - goto err; + return ret; } sps->long_term_ref_pics_present_flag = get_bits1(gb); if (sps->long_term_ref_pics_present_flag) { sps->num_long_term_ref_pics_sps = get_ue_golomb_long(gb); + if (sps->num_long_term_ref_pics_sps > 31U) { + av_log(avctx, AV_LOG_ERROR, "num_long_term_ref_pics_sps %d is out of range.\n", + sps->num_long_term_ref_pics_sps); + return AVERROR_INVALIDDATA; + } for (i = 0; i < sps->num_long_term_ref_pics_sps; i++) { sps->lt_ref_pic_poc_lsb_sps[i] = get_bits(gb, sps->log2_max_poc_lsb); sps->used_by_curr_pic_lt_sps_flag[i] = get_bits1(gb); @@ -889,8 +1014,42 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, vui_present = get_bits1(gb); if (vui_present) decode_vui(gb, avctx, apply_defdispwin, sps); - skip_bits1(gb); // sps_extension_flag + if (get_bits1(gb)) { // sps_extension_flag + int sps_extension_flag[1]; + for (i = 0; i < 1; i++) + sps_extension_flag[i] = get_bits1(gb); + skip_bits(gb, 7); //sps_extension_7bits = get_bits(gb, 7); + if (sps_extension_flag[0]) { + int extended_precision_processing_flag; + int high_precision_offsets_enabled_flag; + int cabac_bypass_alignment_enabled_flag; + + sps->transform_skip_rotation_enabled_flag = get_bits1(gb); + sps->transform_skip_context_enabled_flag = get_bits1(gb); + sps->implicit_rdpcm_enabled_flag = get_bits1(gb); + + sps->explicit_rdpcm_enabled_flag = get_bits1(gb); + + extended_precision_processing_flag = get_bits1(gb); + if (extended_precision_processing_flag) + av_log(avctx, AV_LOG_WARNING, + "extended_precision_processing_flag not yet implemented\n"); + + sps->intra_smoothing_disabled_flag = get_bits1(gb); + high_precision_offsets_enabled_flag = get_bits1(gb); + if (high_precision_offsets_enabled_flag) + av_log(avctx, AV_LOG_WARNING, + "high_precision_offsets_enabled_flag not yet implemented\n"); + + sps->persistent_rice_adaptation_enabled_flag = get_bits1(gb); + + cabac_bypass_alignment_enabled_flag = get_bits1(gb); + if (cabac_bypass_alignment_enabled_flag) + av_log(avctx, AV_LOG_WARNING, + "cabac_bypass_alignment_enabled_flag not yet implemented\n"); + } + } if (apply_defdispwin) { sps->output_window.left_offset += sps->vui.def_disp_win.left_offset; sps->output_window.right_offset += sps->vui.def_disp_win.right_offset; @@ -908,19 +1067,17 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, (sps->output_window.left_offset + sps->output_window.right_offset); sps->output_height = sps->height - (sps->output_window.top_offset + sps->output_window.bottom_offset); - if (sps->output_width <= 0 || sps->output_height <= 0) { + if (sps->width <= sps->output_window.left_offset + (int64_t)sps->output_window.right_offset || + sps->height <= sps->output_window.top_offset + (int64_t)sps->output_window.bottom_offset) { av_log(avctx, AV_LOG_WARNING, "Invalid visible frame dimensions: %dx%d.\n", sps->output_width, sps->output_height); if (avctx->err_recognition & AV_EF_EXPLODE) { - ret = AVERROR_INVALIDDATA; - goto err; + return AVERROR_INVALIDDATA; } av_log(avctx, AV_LOG_WARNING, "Displaying the whole video surface.\n"); - sps->output_window.left_offset = - sps->output_window.right_offset = - sps->output_window.top_offset = - sps->output_window.bottom_offset = 0; + memset(&sps->pic_conf_win, 0, sizeof(sps->pic_conf_win)); + memset(&sps->output_window, 0, sizeof(sps->output_window)); sps->output_width = sps->width; sps->output_height = sps->height; } @@ -930,6 +1087,19 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, sps->log2_diff_max_min_coding_block_size; sps->log2_min_pu_size = sps->log2_min_cb_size - 1; + if (sps->log2_ctb_size > MAX_LOG2_CTB_SIZE) { + av_log(avctx, AV_LOG_ERROR, "CTB size out of range: 2^%d\n", sps->log2_ctb_size); + return AVERROR_INVALIDDATA; + } + if (sps->log2_ctb_size < 4) { + av_log(avctx, + AV_LOG_ERROR, + "log2_ctb_size %d differs from the bounds of any known profile\n", + sps->log2_ctb_size); + avpriv_request_sample(avctx, "log2_ctb_size %d", sps->log2_ctb_size); + return AVERROR_INVALIDDATA; + } + sps->ctb_width = (sps->width + (1 << sps->log2_ctb_size) - 1) >> sps->log2_ctb_size; sps->ctb_height = (sps->height + (1 << sps->log2_ctb_size) - 1) >> sps->log2_ctb_size; sps->ctb_size = sps->ctb_width * sps->ctb_height; @@ -940,40 +1110,40 @@ int ff_hevc_parse_sps(HEVCSPS *sps, GetBitContext *gb, unsigned int *sps_id, sps->min_tb_height = sps->height >> sps->log2_min_tb_size; sps->min_pu_width = sps->width >> sps->log2_min_pu_size; sps->min_pu_height = sps->height >> sps->log2_min_pu_size; + sps->tb_mask = (1 << (sps->log2_ctb_size - sps->log2_min_tb_size)) - 1; sps->qp_bd_offset = 6 * (sps->bit_depth - 8); - if (sps->width & ((1 << sps->log2_min_cb_size) - 1) || - sps->height & ((1 << sps->log2_min_cb_size) - 1)) { + if (av_mod_uintp2(sps->width, sps->log2_min_cb_size) || + av_mod_uintp2(sps->height, sps->log2_min_cb_size)) { av_log(avctx, AV_LOG_ERROR, "Invalid coded frame dimensions.\n"); - goto err; + return AVERROR_INVALIDDATA; } - if (sps->log2_ctb_size > MAX_LOG2_CTB_SIZE) { - av_log(avctx, AV_LOG_ERROR, "CTB size out of range: 2^%d\n", sps->log2_ctb_size); - goto err; - } if (sps->max_transform_hierarchy_depth_inter > sps->log2_ctb_size - sps->log2_min_tb_size) { av_log(avctx, AV_LOG_ERROR, "max_transform_hierarchy_depth_inter out of range: %d\n", sps->max_transform_hierarchy_depth_inter); - goto err; + return AVERROR_INVALIDDATA; } if (sps->max_transform_hierarchy_depth_intra > sps->log2_ctb_size - sps->log2_min_tb_size) { av_log(avctx, AV_LOG_ERROR, "max_transform_hierarchy_depth_intra out of range: %d\n", sps->max_transform_hierarchy_depth_intra); - goto err; + return AVERROR_INVALIDDATA; } if (sps->log2_max_trafo_size > FFMIN(sps->log2_ctb_size, 5)) { av_log(avctx, AV_LOG_ERROR, "max transform block size out of range: %d\n", sps->log2_max_trafo_size); - goto err; + return AVERROR_INVALIDDATA; } - return 0; + if (get_bits_left(gb) < 0) { + av_log(avctx, AV_LOG_ERROR, + "Overread SPS by %d bits\n", -get_bits_left(gb)); + return AVERROR_INVALIDDATA; + } -err: - return ret < 0 ? ret : AVERROR_INVALIDDATA; + return 0; } int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, @@ -1034,16 +1204,52 @@ static void hevc_pps_free(void *opaque, uint8_t *data) av_freep(&pps->ctb_addr_ts_to_rs); av_freep(&pps->tile_pos_rs); av_freep(&pps->tile_id); - av_freep(&pps->min_tb_addr_zs); + av_freep(&pps->min_tb_addr_zs_tab); av_freep(&pps); } +static int pps_range_extensions(GetBitContext *gb, AVCodecContext *avctx, + HEVCPPS *pps, HEVCSPS *sps) { + int i; + + if (pps->transform_skip_enabled_flag) { + pps->log2_max_transform_skip_block_size = get_ue_golomb_long(gb) + 2; + } + pps->cross_component_prediction_enabled_flag = get_bits1(gb); + pps->chroma_qp_offset_list_enabled_flag = get_bits1(gb); + if (pps->chroma_qp_offset_list_enabled_flag) { + pps->diff_cu_chroma_qp_offset_depth = get_ue_golomb_long(gb); + pps->chroma_qp_offset_list_len_minus1 = get_ue_golomb_long(gb); + if (pps->chroma_qp_offset_list_len_minus1 && pps->chroma_qp_offset_list_len_minus1 >= 5) { + av_log(avctx, AV_LOG_ERROR, + "chroma_qp_offset_list_len_minus1 shall be in the range [0, 5].\n"); + return AVERROR_INVALIDDATA; + } + for (i = 0; i <= pps->chroma_qp_offset_list_len_minus1; i++) { + pps->cb_qp_offset_list[i] = get_se_golomb_long(gb); + if (pps->cb_qp_offset_list[i]) { + av_log(avctx, AV_LOG_WARNING, + "cb_qp_offset_list not tested yet.\n"); + } + pps->cr_qp_offset_list[i] = get_se_golomb_long(gb); + if (pps->cr_qp_offset_list[i]) { + av_log(avctx, AV_LOG_WARNING, + "cb_qp_offset_list not tested yet.\n"); + } + } + } + pps->log2_sao_offset_scale_luma = get_ue_golomb_long(gb); + pps->log2_sao_offset_scale_chroma = get_ue_golomb_long(gb); + + return(0); +} + static inline int setup_pps(AVCodecContext *avctx, GetBitContext *gb, HEVCPPS *pps, HEVCSPS *sps) { int log2_diff; - int pic_area_in_ctbs, pic_area_in_min_tbs; + int pic_area_in_ctbs; int i, j, x, y, ctb_addr_rs, tile_id; // Inferred parameters @@ -1090,14 +1296,13 @@ static inline int setup_pps(AVCodecContext *avctx, GetBitContext *gb, * 6.5 */ pic_area_in_ctbs = sps->ctb_width * sps->ctb_height; - pic_area_in_min_tbs = sps->min_tb_width * sps->min_tb_height; pps->ctb_addr_rs_to_ts = av_malloc_array(pic_area_in_ctbs, sizeof(*pps->ctb_addr_rs_to_ts)); pps->ctb_addr_ts_to_rs = av_malloc_array(pic_area_in_ctbs, sizeof(*pps->ctb_addr_ts_to_rs)); pps->tile_id = av_malloc_array(pic_area_in_ctbs, sizeof(*pps->tile_id)); - pps->min_tb_addr_zs = av_malloc_array(pic_area_in_min_tbs, sizeof(*pps->min_tb_addr_zs)); + pps->min_tb_addr_zs_tab = av_malloc_array((sps->tb_mask+2) * (sps->tb_mask+2), sizeof(*pps->min_tb_addr_zs_tab)); if (!pps->ctb_addr_rs_to_ts || !pps->ctb_addr_ts_to_rs || - !pps->tile_id || !pps->min_tb_addr_zs) { + !pps->tile_id || !pps->min_tb_addr_zs_tab) { return AVERROR(ENOMEM); } @@ -1150,8 +1355,13 @@ static inline int setup_pps(AVCodecContext *avctx, GetBitContext *gb, pps->row_bd[j] * sps->ctb_width + pps->col_bd[i]; log2_diff = sps->log2_ctb_size - sps->log2_min_tb_size; - for (y = 0; y < sps->min_tb_height; y++) { - for (x = 0; x < sps->min_tb_width; x++) { + pps->min_tb_addr_zs = &pps->min_tb_addr_zs_tab[1*(sps->tb_mask+2)+1]; + for (y = 0; y < sps->tb_mask+2; y++) { + pps->min_tb_addr_zs_tab[y*(sps->tb_mask+2)] = -1; + pps->min_tb_addr_zs_tab[y] = -1; + } + for (y = 0; y < sps->tb_mask+1; y++) { + for (x = 0; x < sps->tb_mask+1; x++) { int tb_x = x >> log2_diff; int tb_y = y >> log2_diff; int rs = sps->ctb_width * tb_y + tb_x; @@ -1160,7 +1370,7 @@ static inline int setup_pps(AVCodecContext *avctx, GetBitContext *gb, int m = 1 << i; val += (m & x ? m * m : 0) + (m & y ? 2 * m * m : 0); } - pps->min_tb_addr_zs[y * sps->min_tb_width + x] = val; + pps->min_tb_addr_zs[y * (sps->tb_mask+2) + x] = val; } } @@ -1197,6 +1407,7 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, pps->disable_dbf = 0; pps->beta_offset = 0; pps->tc_offset = 0; + pps->log2_max_transform_skip_block_size = 2; // Coded parameters pps_id = get_ue_golomb_long(gb); @@ -1239,6 +1450,14 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, if (pps->cu_qp_delta_enabled_flag) pps->diff_cu_qp_delta_depth = get_ue_golomb_long(gb); + if (pps->diff_cu_qp_delta_depth < 0 || + pps->diff_cu_qp_delta_depth > sps->log2_diff_max_min_coding_block_size) { + av_log(avctx, AV_LOG_ERROR, "diff_cu_qp_delta_depth %d is invalid\n", + pps->diff_cu_qp_delta_depth); + ret = AVERROR_INVALIDDATA; + goto err; + } + pps->cb_qp_offset = get_se_golomb(gb); if (pps->cb_qp_offset < -12 || pps->cb_qp_offset > 12) { av_log(avctx, AV_LOG_ERROR, "pps_cb_qp_offset out of range: %d\n", @@ -1265,14 +1484,14 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, if (pps->tiles_enabled_flag) { pps->num_tile_columns = get_ue_golomb_long(gb) + 1; pps->num_tile_rows = get_ue_golomb_long(gb) + 1; - if (pps->num_tile_columns == 0 || + if (pps->num_tile_columns <= 0 || pps->num_tile_columns >= sps->width) { av_log(avctx, AV_LOG_ERROR, "num_tile_columns_minus1 out of range: %d\n", pps->num_tile_columns - 1); ret = AVERROR_INVALIDDATA; goto err; } - if (pps->num_tile_rows == 0 || + if (pps->num_tile_rows <= 0 || pps->num_tile_rows >= sps->height) { av_log(avctx, AV_LOG_ERROR, "num_tile_rows_minus1 out of range: %d\n", pps->num_tile_rows - 1); @@ -1343,7 +1562,7 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, pps->scaling_list_data_present_flag = get_bits1(gb); if (pps->scaling_list_data_present_flag) { set_default_scaling_list_data(&pps->scaling_list); - ret = scaling_list_data(gb, avctx, &pps->scaling_list); + ret = scaling_list_data(gb, avctx, &pps->scaling_list, sps); if (ret < 0) goto err; } @@ -1357,12 +1576,26 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, } pps->slice_header_extension_present_flag = get_bits1(gb); - skip_bits1(gb); // pps_extension_flag + + if (get_bits1(gb)) { // pps_extension_present_flag + int pps_range_extensions_flag = get_bits1(gb); + /* int pps_extension_7bits = */ get_bits(gb, 7); + if (sps->ptl.general_ptl.profile_idc == FF_PROFILE_HEVC_REXT && pps_range_extensions_flag) { + if ((ret = pps_range_extensions(gb, avctx, pps, sps)) < 0) + goto err; + } + } ret = setup_pps(avctx, gb, pps, sps); if (ret < 0) goto err; + if (get_bits_left(gb) < 0) { + av_log(avctx, AV_LOG_ERROR, + "Overread PPS by %d bits\n", -get_bits_left(gb)); + goto err; + } + remove_pps(ps, pps_id); ps->pps_list[pps_id] = pps_buf; |