IBC is not yet implemented. Fail the inter prediction process with AVERROR_PATCHWELCOME if the bitstream uses IBC. Fixes crashes due to out-of-bounds reads when attempting to decode IBC bitstreams.
Signed-off-by: Frank Plowman <p...@frankplowman.com>
---
 libavcodec/vvc/vvc_inter.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/libavcodec/vvc/vvc_inter.c b/libavcodec/vvc/vvc_inter.c
index e05f3db93e..cb5e8d4ef6 100644
--- a/libavcodec/vvc/vvc_inter.c
+++ b/libavcodec/vvc/vvc_inter.c
@@ -779,7 +779,7 @@ static void derive_sb_mv(VVCLocalContext *lc, MvField *mv, MvField *orig_mv, int
 }
 }
-static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip)
+static int pred_regular_blk(VVCLocalContext *lc, const int skip_ciip)
 {
 const VVCFrameContext *fc = lc->fc;
 const CodingUnit *cu = lc->cu;
@@ -789,7 +789,7 @@ static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip)
 int sbw, sbh, sb_bdof_flag = 0;
 if (cu->ciip_flag && skip_ciip)
- return;
+ return 0;
 sbw = cu->cb_width / mi->num_sb_x;
 sbh = cu->cb_height / mi->num_sb_y;
@@ -803,11 +803,17 @@ static void pred_regular_blk(VVCLocalContext *lc, const int skip_ciip)
 ff_vvc_set_neighbour_available(lc, x0, y0, sbw, sbh);
 derive_sb_mv(lc, &mv, &orig_mv, &sb_bdof_flag, x0, y0, sbw, sbh);
+ if (mv.pred_flag == PF_INTRA) {
+ avpriv_report_missing_feature(fc->log_ctx, "Intra Block Copy");
+ return AVERROR_PATCHWELCOME;
+ }
 pred_regular_luma(lc, mi->hpel_if_idx, mi->hpel_if_idx, &mv, x0, y0, sbw, sbh, &orig_mv, sb_bdof_flag);
 if (fc->ps.sps->r->sps_chroma_format_idc)
 pred_regular_chroma(lc, &mv, x0, y0, sbw, sbh, &orig_mv, pu->dmvr_flag);
 }
 }
+
+ return 0;
 }
 static void derive_affine_mvc(MvField *mvc, const VVCFrameContext *fc, const MvField *mv,
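Review bot: Changing `pred_regular_blk` from `void` to `int` means any call site outside this diff now silently discards the new error. The `skip_ciip` parameter suggests there is at least one other caller that passes 0, and no such call appears in the hunks shown. If it exists, it should be converted in the same commit, e.g. `ret = pred_regular_blk(lc, 0); if (ret < 0) return ret;`, otherwise the `PF_INTRA` rejection added further down is bypassed on that path. The function body continues past this hunk.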
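Review bot: The new `mv.pred_flag == PF_INTRA` test inside the sub-block loop is used as a proxy for "this CU is IBC-coded", but nothing at the check says so or says which access it protects. A short comment would keep the guard from being removed or reordered later, for example `/* IBC CUs reach here with pred_flag == PF_INTRA; bail out before pred_regular_luma()/pred_regular_chroma() look up a reference picture */`. The wording should be confirmed against where the out-of-bounds read actually occurs, since that site is not visible in this hunk. Because the check runs per sub-block, rejecting IBC once when the prediction mode is parsed would fail earlier and avoid repeated log messages from a crafted stream.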
@@ -872,23 +878,29 @@ static void pred_affine_blk(VVCLocalContext *lc)
 }
 }
-static void predict_inter(VVCLocalContext *lc)
+static int predict_inter(VVCLocalContext *lc)
 {
 const VVCFrameContext *fc = lc->fc;
 const CodingUnit *cu = lc->cu;
 const PredictionUnit *pu = &cu->pu;
+ int ret;
 if (pu->merge_gpm_flag)
 pred_gpm_blk(lc);
 else if (pu->inter_affine_flag)
 pred_affine_blk(lc);
- else
- pred_regular_blk(lc, 1); //intra block is not ready yet, skip ciip
+ else {
+ ret = pred_regular_blk(lc, 1); //intra block is not ready yet, skip ciip
+ if (ret < 0)
+ return ret;
+ }
 if (lc->sc->sh.r->sh_lmcs_used_flag && !cu->ciip_flag) {
 uint8_t* dst0 = POS(0, cu->x0, cu->y0);
 fc->vvcdsp.lmcs.filter(dst0, fc->frame->linesize[LUMA], cu->cb_width, cu->cb_height, fc->ps.lmcs.fwd_lut);
 }
+
+ return 0;
 }
 static int has_inter_luma(const CodingUnit *cu)
@@ -901,11 +913,15 @@ int ff_vvc_predict_inter(VVCLocalContext *lc, const int rs)
 const VVCFrameContext *fc = lc->fc;
 const CTU *ctu = fc->tab.ctus + rs;
 CodingUnit *cu = ctu->cus;
+ int ret;
 while (cu) {
 lc->cu = cu;
- if (has_inter_luma(cu))
- predict_inter(lc);
+ if (has_inter_luma(cu)) {
+ ret = predict_inter(lc);
+ if (ret < 0)
+ return ret;
+ }
 cu = cu->next;
 }
-- 
2.43.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
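Review bot: Only the `pred_regular_blk` branch of `predict_inter` can now fail; `pred_gpm_blk(lc)` and `pred_affine_blk(lc)` stay `void` and have no equivalent `PF_INTRA` check. Whether a malformed stream can set `merge_gpm_flag` or `inter_affine_flag` on a CU whose motion field is `PF_INTRA` cannot be told from this hunk. If the parser does not exclude that combination, the same out-of-bounds read stays reachable through those two branches. Either add the guard there as well, or add a comment above the `if` chain stating the invariant, e.g. `/* IBC CUs never set merge_gpm_flag or inter_affine_flag, so only the regular path needs the check */`, once that is confirmed against the CU parsing code.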
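Review bot: The early `return ret;` in the `while (cu)` loop of `ff_vvc_predict_inter` leaves every remaining CU of the CTU unpredicted and leaves `lc->cu` pointing at the failing CU. This is only safe if every caller treats a negative return as fatal for the frame, so that it is neither output nor kept as a reference with unwritten sample regions. The callers are not part of this diff and should be checked. A one-line comment at the return would record that contract, e.g. `/* caller must abandon the frame: later CUs in this CTU are left unpredicted */`. The function body continues past the end of this hunk.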