1 /*
2 * H.26L/H.264/AVC/JVT/14496-10/... parameter set decoding
3 * Copyright (c) 2003 Michael Niedermayer <michaelni@gmx.at>
4 *
5 * This file is part of FFmpeg.
6 *
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 /**
23 * @file
24 * H.264 / AVC / MPEG-4 part10 parameter set decoding.
25 * @author Michael Niedermayer <michaelni@gmx.at>
26 */
27
28 #include <inttypes.h>
29
30 #include "libavutil/imgutils.h"
31 #include "internal.h"
32 #include "mathops.h"
33 #include "avcodec.h"
34 #include "h264data.h"
35 #include "h264_ps.h"
36 #include "golomb.h"
37
38 #define MIN_LOG2_MAX_FRAME_NUM 4
39
40 #define EXTENDED_SAR 255
41
42 static const uint8_t default_scaling4[2][16] = {
43 { 6, 13, 20, 28, 13, 20, 28, 32,
44 20, 28, 32, 37, 28, 32, 37, 42 },
45 { 10, 14, 20, 24, 14, 20, 24, 27,
46 20, 24, 27, 30, 24, 27, 30, 34 }
47 };
48
49 static const uint8_t default_scaling8[2][64] = {
50 { 6, 10, 13, 16, 18, 23, 25, 27,
51 10, 11, 16, 18, 23, 25, 27, 29,
52 13, 16, 18, 23, 25, 27, 29, 31,
53 16, 18, 23, 25, 27, 29, 31, 33,
54 18, 23, 25, 27, 29, 31, 33, 36,
55 23, 25, 27, 29, 31, 33, 36, 38,
56 25, 27, 29, 31, 33, 36, 38, 40,
57 27, 29, 31, 33, 36, 38, 40, 42 },
58 { 9, 13, 15, 17, 19, 21, 22, 24,
59 13, 13, 17, 19, 21, 22, 24, 25,
60 15, 17, 19, 21, 22, 24, 25, 27,
61 17, 19, 21, 22, 24, 25, 27, 28,
62 19, 21, 22, 24, 25, 27, 28, 30,
63 21, 22, 24, 25, 27, 28, 30, 32,
64 22, 24, 25, 27, 28, 30, 32, 33,
65 24, 25, 27, 28, 30, 32, 33, 35 }
66 };
67
68 /* maximum number of MBs in the DPB for a given level */
69 static const int level_max_dpb_mbs[][2] = {
70 { 10, 396 },
71 { 11, 900 },
72 { 12, 2376 },
73 { 13, 2376 },
74 { 20, 2376 },
75 { 21, 4752 },
76 { 22, 8100 },
77 { 30, 8100 },
78 { 31, 18000 },
79 { 32, 20480 },
80 { 40, 32768 },
81 { 41, 32768 },
82 { 42, 34816 },
83 { 50, 110400 },
84 { 51, 184320 },
85 { 52, 184320 },
86 };
87
remove_pps(H264ParamSets * s,int id)88 static void remove_pps(H264ParamSets *s, int id)
89 {
90 av_buffer_unref(&s->pps_list[id]);
91 }
92
remove_sps(H264ParamSets * s,int id)93 static void remove_sps(H264ParamSets *s, int id)
94 {
95 #if 0
96 int i;
97 if (s->sps_list[id]) {
98 /* drop all PPS that depend on this SPS */
99 for (i = 0; i < FF_ARRAY_ELEMS(s->pps_list); i++)
100 if (s->pps_list[i] && ((PPS*)s->pps_list[i]->data)->sps_id == id)
101 remove_pps(s, i);
102 }
103 #endif
104 av_buffer_unref(&s->sps_list[id]);
105 }
106
decode_hrd_parameters(GetBitContext * gb,void * logctx,SPS * sps)107 static inline int decode_hrd_parameters(GetBitContext *gb, void *logctx,
108 SPS *sps)
109 {
110 int cpb_count, i;
111 cpb_count = get_ue_golomb_31(gb) + 1;
112
113 if (cpb_count > 32U) {
114 av_log(logctx, AV_LOG_ERROR, "cpb_count %d invalid\n", cpb_count);
115 return AVERROR_INVALIDDATA;
116 }
117
118 get_bits(gb, 4); /* bit_rate_scale */
119 get_bits(gb, 4); /* cpb_size_scale */
120 for (i = 0; i < cpb_count; i++) {
121 get_ue_golomb_long(gb); /* bit_rate_value_minus1 */
122 get_ue_golomb_long(gb); /* cpb_size_value_minus1 */
123 get_bits1(gb); /* cbr_flag */
124 }
125 sps->initial_cpb_removal_delay_length = get_bits(gb, 5) + 1;
126 sps->cpb_removal_delay_length = get_bits(gb, 5) + 1;
127 sps->dpb_output_delay_length = get_bits(gb, 5) + 1;
128 sps->time_offset_length = get_bits(gb, 5);
129 sps->cpb_cnt = cpb_count;
130 return 0;
131 }
132
decode_vui_parameters(GetBitContext * gb,void * logctx,SPS * sps)133 static inline int decode_vui_parameters(GetBitContext *gb, void *logctx,
134 SPS *sps)
135 {
136 int aspect_ratio_info_present_flag;
137 unsigned int aspect_ratio_idc;
138
139 aspect_ratio_info_present_flag = get_bits1(gb);
140
141 if (aspect_ratio_info_present_flag) {
142 aspect_ratio_idc = get_bits(gb, 8);
143 if (aspect_ratio_idc == EXTENDED_SAR) {
144 sps->sar.num = get_bits(gb, 16);
145 sps->sar.den = get_bits(gb, 16);
146 } else if (aspect_ratio_idc < FF_ARRAY_ELEMS(ff_h264_pixel_aspect)) {
147 sps->sar = ff_h264_pixel_aspect[aspect_ratio_idc];
148 } else {
149 av_log(logctx, AV_LOG_ERROR, "illegal aspect ratio\n");
150 return AVERROR_INVALIDDATA;
151 }
152 } else {
153 sps->sar.num =
154 sps->sar.den = 0;
155 }
156
157 if (get_bits1(gb)) /* overscan_info_present_flag */
158 get_bits1(gb); /* overscan_appropriate_flag */
159
160 sps->video_signal_type_present_flag = get_bits1(gb);
161 if (sps->video_signal_type_present_flag) {
162 get_bits(gb, 3); /* video_format */
163 sps->full_range = get_bits1(gb); /* video_full_range_flag */
164
165 sps->colour_description_present_flag = get_bits1(gb);
166 if (sps->colour_description_present_flag) {
167 sps->color_primaries = get_bits(gb, 8); /* colour_primaries */
168 sps->color_trc = get_bits(gb, 8); /* transfer_characteristics */
169 sps->colorspace = get_bits(gb, 8); /* matrix_coefficients */
170
171 // Set invalid values to "unspecified"
172 if (!av_color_primaries_name(sps->color_primaries))
173 sps->color_primaries = AVCOL_PRI_UNSPECIFIED;
174 if (!av_color_transfer_name(sps->color_trc))
175 sps->color_trc = AVCOL_TRC_UNSPECIFIED;
176 if (!av_color_space_name(sps->colorspace))
177 sps->colorspace = AVCOL_SPC_UNSPECIFIED;
178 }
179 }
180
181 /* chroma_location_info_present_flag */
182 if (get_bits1(gb)) {
183 /* chroma_sample_location_type_top_field */
184 sps->chroma_location = get_ue_golomb(gb) + 1;
185 get_ue_golomb(gb); /* chroma_sample_location_type_bottom_field */
186 } else
187 sps->chroma_location = AVCHROMA_LOC_LEFT;
188
189 if (show_bits1(gb) && get_bits_left(gb) < 10) {
190 av_log(logctx, AV_LOG_WARNING, "Truncated VUI (%d)\n", get_bits_left(gb));
191 return 0;
192 }
193
194 sps->timing_info_present_flag = get_bits1(gb);
195 if (sps->timing_info_present_flag) {
196 unsigned num_units_in_tick = get_bits_long(gb, 32);
197 unsigned time_scale = get_bits_long(gb, 32);
198 if (!num_units_in_tick || !time_scale) {
199 av_log(logctx, AV_LOG_ERROR,
200 "time_scale/num_units_in_tick invalid or unsupported (%u/%u)\n",
201 time_scale, num_units_in_tick);
202 sps->timing_info_present_flag = 0;
203 } else {
204 sps->num_units_in_tick = num_units_in_tick;
205 sps->time_scale = time_scale;
206 }
207 sps->fixed_frame_rate_flag = get_bits1(gb);
208 }
209
210 sps->nal_hrd_parameters_present_flag = get_bits1(gb);
211 if (sps->nal_hrd_parameters_present_flag)
212 if (decode_hrd_parameters(gb, logctx, sps) < 0)
213 return AVERROR_INVALIDDATA;
214 sps->vcl_hrd_parameters_present_flag = get_bits1(gb);
215 if (sps->vcl_hrd_parameters_present_flag)
216 if (decode_hrd_parameters(gb, logctx, sps) < 0)
217 return AVERROR_INVALIDDATA;
218 if (sps->nal_hrd_parameters_present_flag ||
219 sps->vcl_hrd_parameters_present_flag)
220 get_bits1(gb); /* low_delay_hrd_flag */
221 sps->pic_struct_present_flag = get_bits1(gb);
222 if (!get_bits_left(gb))
223 return 0;
224 sps->bitstream_restriction_flag = get_bits1(gb);
225 if (sps->bitstream_restriction_flag) {
226 get_bits1(gb); /* motion_vectors_over_pic_boundaries_flag */
227 get_ue_golomb(gb); /* max_bytes_per_pic_denom */
228 get_ue_golomb(gb); /* max_bits_per_mb_denom */
229 get_ue_golomb(gb); /* log2_max_mv_length_horizontal */
230 get_ue_golomb(gb); /* log2_max_mv_length_vertical */
231 sps->num_reorder_frames = get_ue_golomb(gb);
232 get_ue_golomb(gb); /*max_dec_frame_buffering*/
233
234 if (get_bits_left(gb) < 0) {
235 sps->num_reorder_frames = 0;
236 sps->bitstream_restriction_flag = 0;
237 }
238
239 if (sps->num_reorder_frames > 16U
240 /* max_dec_frame_buffering || max_dec_frame_buffering > 16 */) {
241 av_log(logctx, AV_LOG_ERROR,
242 "Clipping illegal num_reorder_frames %d\n",
243 sps->num_reorder_frames);
244 sps->num_reorder_frames = 16;
245 return AVERROR_INVALIDDATA;
246 }
247 }
248
249 return 0;
250 }
251
decode_scaling_list(GetBitContext * gb,uint8_t * factors,int size,const uint8_t * jvt_list,const uint8_t * fallback_list)252 static int decode_scaling_list(GetBitContext *gb, uint8_t *factors, int size,
253 const uint8_t *jvt_list,
254 const uint8_t *fallback_list)
255 {
256 int i, last = 8, next = 8;
257 const uint8_t *scan = size == 16 ? ff_zigzag_scan : ff_zigzag_direct;
258 if (!get_bits1(gb)) /* matrix not written, we use the predicted one */
259 memcpy(factors, fallback_list, size * sizeof(uint8_t));
260 else
261 for (i = 0; i < size; i++) {
262 if (next) {
263 int v = get_se_golomb(gb);
264 if (v < -128 || v > 127) {
265 av_log(NULL, AV_LOG_ERROR, "delta scale %d is invalid\n", v);
266 return AVERROR_INVALIDDATA;
267 }
268 next = (last + v) & 0xff;
269 }
270 if (!i && !next) { /* matrix not written, we use the preset one */
271 memcpy(factors, jvt_list, size * sizeof(uint8_t));
272 break;
273 }
274 last = factors[scan[i]] = next ? next : last;
275 }
276 return 0;
277 }
278
279 /* returns non zero if the provided SPS scaling matrix has been filled */
decode_scaling_matrices(GetBitContext * gb,const SPS * sps,const PPS * pps,int is_sps,uint8_t (* scaling_matrix4)[16],uint8_t (* scaling_matrix8)[64])280 static int decode_scaling_matrices(GetBitContext *gb, const SPS *sps,
281 const PPS *pps, int is_sps,
282 uint8_t(*scaling_matrix4)[16],
283 uint8_t(*scaling_matrix8)[64])
284 {
285 int fallback_sps = !is_sps && sps->scaling_matrix_present;
286 const uint8_t *fallback[4] = {
287 fallback_sps ? sps->scaling_matrix4[0] : default_scaling4[0],
288 fallback_sps ? sps->scaling_matrix4[3] : default_scaling4[1],
289 fallback_sps ? sps->scaling_matrix8[0] : default_scaling8[0],
290 fallback_sps ? sps->scaling_matrix8[3] : default_scaling8[1]
291 };
292 int ret = 0;
293 if (get_bits1(gb)) {
294 ret |= decode_scaling_list(gb, scaling_matrix4[0], 16, default_scaling4[0], fallback[0]); // Intra, Y
295 ret |= decode_scaling_list(gb, scaling_matrix4[1], 16, default_scaling4[0], scaling_matrix4[0]); // Intra, Cr
296 ret |= decode_scaling_list(gb, scaling_matrix4[2], 16, default_scaling4[0], scaling_matrix4[1]); // Intra, Cb
297 ret |= decode_scaling_list(gb, scaling_matrix4[3], 16, default_scaling4[1], fallback[1]); // Inter, Y
298 ret |= decode_scaling_list(gb, scaling_matrix4[4], 16, default_scaling4[1], scaling_matrix4[3]); // Inter, Cr
299 ret |= decode_scaling_list(gb, scaling_matrix4[5], 16, default_scaling4[1], scaling_matrix4[4]); // Inter, Cb
300 if (is_sps || pps->transform_8x8_mode) {
301 ret |= decode_scaling_list(gb, scaling_matrix8[0], 64, default_scaling8[0], fallback[2]); // Intra, Y
302 ret |= decode_scaling_list(gb, scaling_matrix8[3], 64, default_scaling8[1], fallback[3]); // Inter, Y
303 if (sps->chroma_format_idc == 3) {
304 ret |= decode_scaling_list(gb, scaling_matrix8[1], 64, default_scaling8[0], scaling_matrix8[0]); // Intra, Cr
305 ret |= decode_scaling_list(gb, scaling_matrix8[4], 64, default_scaling8[1], scaling_matrix8[3]); // Inter, Cr
306 ret |= decode_scaling_list(gb, scaling_matrix8[2], 64, default_scaling8[0], scaling_matrix8[1]); // Intra, Cb
307 ret |= decode_scaling_list(gb, scaling_matrix8[5], 64, default_scaling8[1], scaling_matrix8[4]); // Inter, Cb
308 }
309 }
310 if (!ret)
311 ret = is_sps;
312 }
313
314 return ret;
315 }
316
ff_h264_ps_uninit(H264ParamSets * ps)317 void ff_h264_ps_uninit(H264ParamSets *ps)
318 {
319 int i;
320
321 for (i = 0; i < MAX_SPS_COUNT; i++)
322 av_buffer_unref(&ps->sps_list[i]);
323
324 for (i = 0; i < MAX_PPS_COUNT; i++)
325 av_buffer_unref(&ps->pps_list[i]);
326
327 av_buffer_unref(&ps->pps_ref);
328
329 ps->pps = NULL;
330 ps->sps = NULL;
331 }
332
ff_h264_decode_seq_parameter_set(GetBitContext * gb,AVCodecContext * avctx,H264ParamSets * ps,int ignore_truncation)333 int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
334 H264ParamSets *ps, int ignore_truncation)
335 {
336 AVBufferRef *sps_buf;
337 int profile_idc, level_idc, constraint_set_flags = 0;
338 unsigned int sps_id;
339 int i, log2_max_frame_num_minus4;
340 SPS *sps;
341 int ret;
342
343 sps_buf = av_buffer_allocz(sizeof(*sps));
344 if (!sps_buf)
345 return AVERROR(ENOMEM);
346 sps = (SPS*)sps_buf->data;
347
348 sps->data_size = gb->buffer_end - gb->buffer;
349 if (sps->data_size > sizeof(sps->data)) {
350 av_log(avctx, AV_LOG_DEBUG, "Truncating likely oversized SPS\n");
351 sps->data_size = sizeof(sps->data);
352 }
353 memcpy(sps->data, gb->buffer, sps->data_size);
354
355 profile_idc = get_bits(gb, 8);
356 constraint_set_flags |= get_bits1(gb) << 0; // constraint_set0_flag
357 constraint_set_flags |= get_bits1(gb) << 1; // constraint_set1_flag
358 constraint_set_flags |= get_bits1(gb) << 2; // constraint_set2_flag
359 constraint_set_flags |= get_bits1(gb) << 3; // constraint_set3_flag
360 constraint_set_flags |= get_bits1(gb) << 4; // constraint_set4_flag
361 constraint_set_flags |= get_bits1(gb) << 5; // constraint_set5_flag
362 skip_bits(gb, 2); // reserved_zero_2bits
363 level_idc = get_bits(gb, 8);
364 sps_id = get_ue_golomb_31(gb);
365
366 if (sps_id >= MAX_SPS_COUNT) {
367 av_log(avctx, AV_LOG_ERROR, "sps_id %u out of range\n", sps_id);
368 goto fail;
369 }
370
371 sps->sps_id = sps_id;
372 sps->time_offset_length = 24;
373 sps->profile_idc = profile_idc;
374 sps->constraint_set_flags = constraint_set_flags;
375 sps->level_idc = level_idc;
376 sps->full_range = -1;
377
378 memset(sps->scaling_matrix4, 16, sizeof(sps->scaling_matrix4));
379 memset(sps->scaling_matrix8, 16, sizeof(sps->scaling_matrix8));
380 sps->scaling_matrix_present = 0;
381 sps->colorspace = 2; //AVCOL_SPC_UNSPECIFIED
382
383 if (sps->profile_idc == 100 || // High profile
384 sps->profile_idc == 110 || // High10 profile
385 sps->profile_idc == 122 || // High422 profile
386 sps->profile_idc == 244 || // High444 Predictive profile
387 sps->profile_idc == 44 || // Cavlc444 profile
388 sps->profile_idc == 83 || // Scalable Constrained High profile (SVC)
389 sps->profile_idc == 86 || // Scalable High Intra profile (SVC)
390 sps->profile_idc == 118 || // Stereo High profile (MVC)
391 sps->profile_idc == 128 || // Multiview High profile (MVC)
392 sps->profile_idc == 138 || // Multiview Depth High profile (MVCD)
393 sps->profile_idc == 144) { // old High444 profile
394 sps->chroma_format_idc = get_ue_golomb_31(gb);
395 if (sps->chroma_format_idc > 3U) {
396 avpriv_request_sample(avctx, "chroma_format_idc %u",
397 sps->chroma_format_idc);
398 goto fail;
399 } else if (sps->chroma_format_idc == 3) {
400 sps->residual_color_transform_flag = get_bits1(gb);
401 if (sps->residual_color_transform_flag) {
402 av_log(avctx, AV_LOG_ERROR, "separate color planes are not supported\n");
403 goto fail;
404 }
405 }
406 sps->bit_depth_luma = get_ue_golomb(gb) + 8;
407 sps->bit_depth_chroma = get_ue_golomb(gb) + 8;
408 if (sps->bit_depth_chroma != sps->bit_depth_luma) {
409 avpriv_request_sample(avctx,
410 "Different chroma and luma bit depth");
411 goto fail;
412 }
413 if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 14 ||
414 sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 14) {
415 av_log(avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n",
416 sps->bit_depth_luma, sps->bit_depth_chroma);
417 goto fail;
418 }
419 sps->transform_bypass = get_bits1(gb);
420 ret = decode_scaling_matrices(gb, sps, NULL, 1,
421 sps->scaling_matrix4, sps->scaling_matrix8);
422 if (ret < 0)
423 goto fail;
424 sps->scaling_matrix_present |= ret;
425 } else {
426 sps->chroma_format_idc = 1;
427 sps->bit_depth_luma = 8;
428 sps->bit_depth_chroma = 8;
429 }
430
431 log2_max_frame_num_minus4 = get_ue_golomb(gb);
432 if (log2_max_frame_num_minus4 < MIN_LOG2_MAX_FRAME_NUM - 4 ||
433 log2_max_frame_num_minus4 > MAX_LOG2_MAX_FRAME_NUM - 4) {
434 av_log(avctx, AV_LOG_ERROR,
435 "log2_max_frame_num_minus4 out of range (0-12): %d\n",
436 log2_max_frame_num_minus4);
437 goto fail;
438 }
439 sps->log2_max_frame_num = log2_max_frame_num_minus4 + 4;
440
441 sps->poc_type = get_ue_golomb_31(gb);
442
443 if (sps->poc_type == 0) { // FIXME #define
444 unsigned t = get_ue_golomb(gb);
445 if (t>12) {
446 av_log(avctx, AV_LOG_ERROR, "log2_max_poc_lsb (%d) is out of range\n", t);
447 goto fail;
448 }
449 sps->log2_max_poc_lsb = t + 4;
450 } else if (sps->poc_type == 1) { // FIXME #define
451 sps->delta_pic_order_always_zero_flag = get_bits1(gb);
452 sps->offset_for_non_ref_pic = get_se_golomb_long(gb);
453 sps->offset_for_top_to_bottom_field = get_se_golomb_long(gb);
454
455 if ( sps->offset_for_non_ref_pic == INT32_MIN
456 || sps->offset_for_top_to_bottom_field == INT32_MIN
457 ) {
458 av_log(avctx, AV_LOG_ERROR,
459 "offset_for_non_ref_pic or offset_for_top_to_bottom_field is out of range\n");
460 goto fail;
461 }
462
463 sps->poc_cycle_length = get_ue_golomb(gb);
464
465 if ((unsigned)sps->poc_cycle_length >=
466 FF_ARRAY_ELEMS(sps->offset_for_ref_frame)) {
467 av_log(avctx, AV_LOG_ERROR,
468 "poc_cycle_length overflow %d\n", sps->poc_cycle_length);
469 goto fail;
470 }
471
472 for (i = 0; i < sps->poc_cycle_length; i++) {
473 sps->offset_for_ref_frame[i] = get_se_golomb_long(gb);
474 if (sps->offset_for_ref_frame[i] == INT32_MIN) {
475 av_log(avctx, AV_LOG_ERROR,
476 "offset_for_ref_frame is out of range\n");
477 goto fail;
478 }
479 }
480 } else if (sps->poc_type != 2) {
481 av_log(avctx, AV_LOG_ERROR, "illegal POC type %d\n", sps->poc_type);
482 goto fail;
483 }
484
485 sps->ref_frame_count = get_ue_golomb_31(gb);
486 if (avctx->codec_tag == MKTAG('S', 'M', 'V', '2'))
487 sps->ref_frame_count = FFMAX(2, sps->ref_frame_count);
488 if (sps->ref_frame_count > MAX_DELAYED_PIC_COUNT) {
489 av_log(avctx, AV_LOG_ERROR,
490 "too many reference frames %d\n", sps->ref_frame_count);
491 goto fail;
492 }
493 sps->gaps_in_frame_num_allowed_flag = get_bits1(gb);
494 sps->mb_width = get_ue_golomb(gb) + 1;
495 sps->mb_height = get_ue_golomb(gb) + 1;
496
497 sps->frame_mbs_only_flag = get_bits1(gb);
498
499 if (sps->mb_height >= INT_MAX / 2U) {
500 av_log(avctx, AV_LOG_ERROR, "height overflow\n");
501 goto fail;
502 }
503 sps->mb_height *= 2 - sps->frame_mbs_only_flag;
504
505 if (!sps->frame_mbs_only_flag)
506 sps->mb_aff = get_bits1(gb);
507 else
508 sps->mb_aff = 0;
509
510 if ((unsigned)sps->mb_width >= INT_MAX / 16 ||
511 (unsigned)sps->mb_height >= INT_MAX / 16 ||
512 av_image_check_size(16 * sps->mb_width,
513 16 * sps->mb_height, 0, avctx)) {
514 av_log(avctx, AV_LOG_ERROR, "mb_width/height overflow\n");
515 goto fail;
516 }
517
518 sps->direct_8x8_inference_flag = get_bits1(gb);
519
520 #ifndef ALLOW_INTERLACE
521 if (sps->mb_aff)
522 av_log(avctx, AV_LOG_ERROR,
523 "MBAFF support not included; enable it at compile-time.\n");
524 #endif
525 sps->crop = get_bits1(gb);
526 if (sps->crop) {
527 unsigned int crop_left = get_ue_golomb(gb);
528 unsigned int crop_right = get_ue_golomb(gb);
529 unsigned int crop_top = get_ue_golomb(gb);
530 unsigned int crop_bottom = get_ue_golomb(gb);
531 int width = 16 * sps->mb_width;
532 int height = 16 * sps->mb_height;
533
534 if (avctx->flags2 & AV_CODEC_FLAG2_IGNORE_CROP) {
535 av_log(avctx, AV_LOG_DEBUG, "discarding sps cropping, original "
536 "values are l:%d r:%d t:%d b:%d\n",
537 crop_left, crop_right, crop_top, crop_bottom);
538
539 sps->crop_left =
540 sps->crop_right =
541 sps->crop_top =
542 sps->crop_bottom = 0;
543 } else {
544 int vsub = (sps->chroma_format_idc == 1) ? 1 : 0;
545 int hsub = (sps->chroma_format_idc == 1 ||
546 sps->chroma_format_idc == 2) ? 1 : 0;
547 int step_x = 1 << hsub;
548 int step_y = (2 - sps->frame_mbs_only_flag) << vsub;
549
550 if (crop_left > (unsigned)INT_MAX / 4 / step_x ||
551 crop_right > (unsigned)INT_MAX / 4 / step_x ||
552 crop_top > (unsigned)INT_MAX / 4 / step_y ||
553 crop_bottom> (unsigned)INT_MAX / 4 / step_y ||
554 (crop_left + crop_right ) * step_x >= width ||
555 (crop_top + crop_bottom) * step_y >= height
556 ) {
557 av_log(avctx, AV_LOG_ERROR, "crop values invalid %d %d %d %d / %d %d\n", crop_left, crop_right, crop_top, crop_bottom, width, height);
558 goto fail;
559 }
560
561 sps->crop_left = crop_left * step_x;
562 sps->crop_right = crop_right * step_x;
563 sps->crop_top = crop_top * step_y;
564 sps->crop_bottom = crop_bottom * step_y;
565 }
566 } else {
567 sps->crop_left =
568 sps->crop_right =
569 sps->crop_top =
570 sps->crop_bottom =
571 sps->crop = 0;
572 }
573
574 sps->vui_parameters_present_flag = get_bits1(gb);
575 if (sps->vui_parameters_present_flag) {
576 int ret = decode_vui_parameters(gb, avctx, sps);
577 if (ret < 0)
578 goto fail;
579 }
580
581 if (get_bits_left(gb) < 0) {
582 av_log_once(avctx, ignore_truncation ? AV_LOG_WARNING : AV_LOG_ERROR, AV_LOG_DEBUG,
583 &ps->overread_warning_printed[sps->vui_parameters_present_flag],
584 "Overread %s by %d bits\n", sps->vui_parameters_present_flag ? "VUI" : "SPS", -get_bits_left(gb));
585 if (!ignore_truncation)
586 goto fail;
587 }
588
589 /* if the maximum delay is not stored in the SPS, derive it based on the
590 * level */
591 if (!sps->bitstream_restriction_flag &&
592 (sps->ref_frame_count || avctx->strict_std_compliance >= FF_COMPLIANCE_STRICT)) {
593 sps->num_reorder_frames = MAX_DELAYED_PIC_COUNT - 1;
594 for (i = 0; i < FF_ARRAY_ELEMS(level_max_dpb_mbs); i++) {
595 if (level_max_dpb_mbs[i][0] == sps->level_idc) {
596 sps->num_reorder_frames = FFMIN(level_max_dpb_mbs[i][1] / (sps->mb_width * sps->mb_height),
597 sps->num_reorder_frames);
598 break;
599 }
600 }
601 }
602
603 if (!sps->sar.den)
604 sps->sar.den = 1;
605
606 if (avctx->debug & FF_DEBUG_PICT_INFO) {
607 static const char csp[4][5] = { "Gray", "420", "422", "444" };
608 av_log(avctx, AV_LOG_DEBUG,
609 "sps:%u profile:%d/%d poc:%d ref:%d %dx%d %s %s crop:%u/%u/%u/%u %s %s %"PRId32"/%"PRId32" b%d reo:%d\n",
610 sps_id, sps->profile_idc, sps->level_idc,
611 sps->poc_type,
612 sps->ref_frame_count,
613 sps->mb_width, sps->mb_height,
614 sps->frame_mbs_only_flag ? "FRM" : (sps->mb_aff ? "MB-AFF" : "PIC-AFF"),
615 sps->direct_8x8_inference_flag ? "8B8" : "",
616 sps->crop_left, sps->crop_right,
617 sps->crop_top, sps->crop_bottom,
618 sps->vui_parameters_present_flag ? "VUI" : "",
619 csp[sps->chroma_format_idc],
620 sps->timing_info_present_flag ? sps->num_units_in_tick : 0,
621 sps->timing_info_present_flag ? sps->time_scale : 0,
622 sps->bit_depth_luma,
623 sps->bitstream_restriction_flag ? sps->num_reorder_frames : -1
624 );
625 }
626
627 /* check if this is a repeat of an already parsed SPS, then keep the
628 * original one.
629 * otherwise drop all PPSes that depend on it */
630 if (ps->sps_list[sps_id] &&
631 !memcmp(ps->sps_list[sps_id]->data, sps_buf->data, sps_buf->size)) {
632 av_buffer_unref(&sps_buf);
633 } else {
634 remove_sps(ps, sps_id);
635 ps->sps_list[sps_id] = sps_buf;
636 }
637
638 return 0;
639
640 fail:
641 av_buffer_unref(&sps_buf);
642 return AVERROR_INVALIDDATA;
643 }
644
init_dequant8_coeff_table(PPS * pps,const SPS * sps)645 static void init_dequant8_coeff_table(PPS *pps, const SPS *sps)
646 {
647 int i, j, q, x;
648 const int max_qp = 51 + 6 * (sps->bit_depth_luma - 8);
649
650 for (i = 0; i < 6; i++) {
651 pps->dequant8_coeff[i] = pps->dequant8_buffer[i];
652 for (j = 0; j < i; j++)
653 if (!memcmp(pps->scaling_matrix8[j], pps->scaling_matrix8[i],
654 64 * sizeof(uint8_t))) {
655 pps->dequant8_coeff[i] = pps->dequant8_buffer[j];
656 break;
657 }
658 if (j < i)
659 continue;
660
661 for (q = 0; q < max_qp + 1; q++) {
662 int shift = ff_h264_quant_div6[q];
663 int idx = ff_h264_quant_rem6[q];
664 for (x = 0; x < 64; x++)
665 pps->dequant8_coeff[i][q][(x >> 3) | ((x & 7) << 3)] =
666 ((uint32_t)ff_h264_dequant8_coeff_init[idx][ff_h264_dequant8_coeff_init_scan[((x >> 1) & 12) | (x & 3)]] *
667 pps->scaling_matrix8[i][x]) << shift;
668 }
669 }
670 }
671
init_dequant4_coeff_table(PPS * pps,const SPS * sps)672 static void init_dequant4_coeff_table(PPS *pps, const SPS *sps)
673 {
674 int i, j, q, x;
675 const int max_qp = 51 + 6 * (sps->bit_depth_luma - 8);
676 for (i = 0; i < 6; i++) {
677 pps->dequant4_coeff[i] = pps->dequant4_buffer[i];
678 for (j = 0; j < i; j++)
679 if (!memcmp(pps->scaling_matrix4[j], pps->scaling_matrix4[i],
680 16 * sizeof(uint8_t))) {
681 pps->dequant4_coeff[i] = pps->dequant4_buffer[j];
682 break;
683 }
684 if (j < i)
685 continue;
686
687 for (q = 0; q < max_qp + 1; q++) {
688 int shift = ff_h264_quant_div6[q] + 2;
689 int idx = ff_h264_quant_rem6[q];
690 for (x = 0; x < 16; x++)
691 pps->dequant4_coeff[i][q][(x >> 2) | ((x << 2) & 0xF)] =
692 ((uint32_t)ff_h264_dequant4_coeff_init[idx][(x & 1) + ((x >> 2) & 1)] *
693 pps->scaling_matrix4[i][x]) << shift;
694 }
695 }
696 }
697
init_dequant_tables(PPS * pps,const SPS * sps)698 static void init_dequant_tables(PPS *pps, const SPS *sps)
699 {
700 int i, x;
701 init_dequant4_coeff_table(pps, sps);
702 memset(pps->dequant8_coeff, 0, sizeof(pps->dequant8_coeff));
703
704 if (pps->transform_8x8_mode)
705 init_dequant8_coeff_table(pps, sps);
706 if (sps->transform_bypass) {
707 for (i = 0; i < 6; i++)
708 for (x = 0; x < 16; x++)
709 pps->dequant4_coeff[i][0][x] = 1 << 6;
710 if (pps->transform_8x8_mode)
711 for (i = 0; i < 6; i++)
712 for (x = 0; x < 64; x++)
713 pps->dequant8_coeff[i][0][x] = 1 << 6;
714 }
715 }
716
build_qp_table(PPS * pps,int t,int index,const int depth)717 static void build_qp_table(PPS *pps, int t, int index, const int depth)
718 {
719 int i;
720 const int max_qp = 51 + 6 * (depth - 8);
721 for (i = 0; i < max_qp + 1; i++)
722 pps->chroma_qp_table[t][i] =
723 ff_h264_chroma_qp[depth - 8][av_clip(i + index, 0, max_qp)];
724 }
725
more_rbsp_data_in_pps(const SPS * sps,void * logctx)726 static int more_rbsp_data_in_pps(const SPS *sps, void *logctx)
727 {
728 int profile_idc = sps->profile_idc;
729
730 if ((profile_idc == 66 || profile_idc == 77 ||
731 profile_idc == 88) && (sps->constraint_set_flags & 7)) {
732 av_log(logctx, AV_LOG_VERBOSE,
733 "Current profile doesn't provide more RBSP data in PPS, skipping\n");
734 return 0;
735 }
736
737 return 1;
738 }
739
pps_free(void * opaque,uint8_t * data)740 static void pps_free(void *opaque, uint8_t *data)
741 {
742 PPS *pps = (PPS*)data;
743
744 av_buffer_unref(&pps->sps_ref);
745
746 av_freep(&data);
747 }
748
ff_h264_decode_picture_parameter_set(GetBitContext * gb,AVCodecContext * avctx,H264ParamSets * ps,int bit_length)749 int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
750 H264ParamSets *ps, int bit_length)
751 {
752 AVBufferRef *pps_buf;
753 const SPS *sps;
754 unsigned int pps_id = get_ue_golomb(gb);
755 PPS *pps;
756 int qp_bd_offset;
757 int bits_left;
758 int ret;
759
760 if (pps_id >= MAX_PPS_COUNT) {
761 av_log(avctx, AV_LOG_ERROR, "pps_id %u out of range\n", pps_id);
762 return AVERROR_INVALIDDATA;
763 }
764
765 pps = av_mallocz(sizeof(*pps));
766 if (!pps)
767 return AVERROR(ENOMEM);
768 pps_buf = av_buffer_create((uint8_t*)pps, sizeof(*pps),
769 pps_free, NULL, 0);
770 if (!pps_buf) {
771 av_freep(&pps);
772 return AVERROR(ENOMEM);
773 }
774
775 pps->data_size = gb->buffer_end - gb->buffer;
776 if (pps->data_size > sizeof(pps->data)) {
777 av_log(avctx, AV_LOG_DEBUG, "Truncating likely oversized PPS "
778 "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
779 pps->data_size, sizeof(pps->data));
780 pps->data_size = sizeof(pps->data);
781 }
782 memcpy(pps->data, gb->buffer, pps->data_size);
783
784 pps->sps_id = get_ue_golomb_31(gb);
785 if ((unsigned)pps->sps_id >= MAX_SPS_COUNT ||
786 !ps->sps_list[pps->sps_id]) {
787 av_log(avctx, AV_LOG_ERROR, "sps_id %u out of range\n", pps->sps_id);
788 ret = AVERROR_INVALIDDATA;
789 goto fail;
790 }
791 pps->sps_ref = av_buffer_ref(ps->sps_list[pps->sps_id]);
792 if (!pps->sps_ref) {
793 ret = AVERROR(ENOMEM);
794 goto fail;
795 }
796 pps->sps = (const SPS*)pps->sps_ref->data;
797 sps = pps->sps;
798
799 if (sps->bit_depth_luma > 14) {
800 av_log(avctx, AV_LOG_ERROR,
801 "Invalid luma bit depth=%d\n",
802 sps->bit_depth_luma);
803 ret = AVERROR_INVALIDDATA;
804 goto fail;
805 } else if (sps->bit_depth_luma == 11 || sps->bit_depth_luma == 13) {
806 avpriv_report_missing_feature(avctx,
807 "Unimplemented luma bit depth=%d",
808 sps->bit_depth_luma);
809 ret = AVERROR_PATCHWELCOME;
810 goto fail;
811 }
812
813 pps->cabac = get_bits1(gb);
814 pps->pic_order_present = get_bits1(gb);
815 pps->slice_group_count = get_ue_golomb(gb) + 1;
816 if (pps->slice_group_count > 1) {
817 pps->mb_slice_group_map_type = get_ue_golomb(gb);
818 avpriv_report_missing_feature(avctx, "FMO");
819 ret = AVERROR_PATCHWELCOME;
820 goto fail;
821 }
822 pps->ref_count[0] = get_ue_golomb(gb) + 1;
823 pps->ref_count[1] = get_ue_golomb(gb) + 1;
824 if (pps->ref_count[0] - 1 > 32 - 1 || pps->ref_count[1] - 1 > 32 - 1) {
825 av_log(avctx, AV_LOG_ERROR, "reference overflow (pps)\n");
826 ret = AVERROR_INVALIDDATA;
827 goto fail;
828 }
829
830 qp_bd_offset = 6 * (sps->bit_depth_luma - 8);
831
832 pps->weighted_pred = get_bits1(gb);
833 pps->weighted_bipred_idc = get_bits(gb, 2);
834 pps->init_qp = get_se_golomb(gb) + 26U + qp_bd_offset;
835 pps->init_qs = get_se_golomb(gb) + 26U + qp_bd_offset;
836 pps->chroma_qp_index_offset[0] = get_se_golomb(gb);
837 if (pps->chroma_qp_index_offset[0] < -12 || pps->chroma_qp_index_offset[0] > 12) {
838 ret = AVERROR_INVALIDDATA;
839 goto fail;
840 }
841
842 pps->deblocking_filter_parameters_present = get_bits1(gb);
843 pps->constrained_intra_pred = get_bits1(gb);
844 pps->redundant_pic_cnt_present = get_bits1(gb);
845
846 pps->transform_8x8_mode = 0;
847 memcpy(pps->scaling_matrix4, sps->scaling_matrix4,
848 sizeof(pps->scaling_matrix4));
849 memcpy(pps->scaling_matrix8, sps->scaling_matrix8,
850 sizeof(pps->scaling_matrix8));
851
852 bits_left = bit_length - get_bits_count(gb);
853 if (bits_left > 0 && more_rbsp_data_in_pps(sps, avctx)) {
854 pps->transform_8x8_mode = get_bits1(gb);
855 ret = decode_scaling_matrices(gb, sps, pps, 0,
856 pps->scaling_matrix4, pps->scaling_matrix8);
857 if (ret < 0)
858 goto fail;
859 // second_chroma_qp_index_offset
860 pps->chroma_qp_index_offset[1] = get_se_golomb(gb);
861 if (pps->chroma_qp_index_offset[1] < -12 || pps->chroma_qp_index_offset[1] > 12) {
862 ret = AVERROR_INVALIDDATA;
863 goto fail;
864 }
865 } else {
866 pps->chroma_qp_index_offset[1] = pps->chroma_qp_index_offset[0];
867 }
868
869 build_qp_table(pps, 0, pps->chroma_qp_index_offset[0],
870 sps->bit_depth_luma);
871 build_qp_table(pps, 1, pps->chroma_qp_index_offset[1],
872 sps->bit_depth_luma);
873
874 init_dequant_tables(pps, sps);
875
876 if (pps->chroma_qp_index_offset[0] != pps->chroma_qp_index_offset[1])
877 pps->chroma_qp_diff = 1;
878
879 if (avctx->debug & FF_DEBUG_PICT_INFO) {
880 av_log(avctx, AV_LOG_DEBUG,
881 "pps:%u sps:%u %s slice_groups:%d ref:%u/%u %s qp:%d/%d/%d/%d %s %s %s %s\n",
882 pps_id, pps->sps_id,
883 pps->cabac ? "CABAC" : "CAVLC",
884 pps->slice_group_count,
885 pps->ref_count[0], pps->ref_count[1],
886 pps->weighted_pred ? "weighted" : "",
887 pps->init_qp, pps->init_qs, pps->chroma_qp_index_offset[0], pps->chroma_qp_index_offset[1],
888 pps->deblocking_filter_parameters_present ? "LPAR" : "",
889 pps->constrained_intra_pred ? "CONSTR" : "",
890 pps->redundant_pic_cnt_present ? "REDU" : "",
891 pps->transform_8x8_mode ? "8x8DCT" : "");
892 }
893
894 remove_pps(ps, pps_id);
895 ps->pps_list[pps_id] = pps_buf;
896
897 return 0;
898
899 fail:
900 av_buffer_unref(&pps_buf);
901 return ret;
902 }
903