1 /*
2 * H.26L/H.264/AVC/JVT/14496-10/... parameter set decoding
3 * Copyright (c) 2003 Michael Niedermayer <michaelni@gmx.at>
4 *
5 * This file is part of FFmpeg.
6 *
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 /**
23 * @file
24 * H.264 / AVC / MPEG-4 part10 parameter set decoding.
25 * @author Michael Niedermayer <michaelni@gmx.at>
26 */
27
28 #include <inttypes.h>
29
30 #include "libavutil/imgutils.h"
31 #include "mathops.h"
32 #include "avcodec.h"
33 #include "h264data.h"
34 #include "h264_ps.h"
35 #include "golomb.h"
36
37 #define MIN_LOG2_MAX_FRAME_NUM 4
38
39 #define EXTENDED_SAR 255
40
41 static const uint8_t default_scaling4[2][16] = {
42 { 6, 13, 20, 28, 13, 20, 28, 32,
43 20, 28, 32, 37, 28, 32, 37, 42 },
44 { 10, 14, 20, 24, 14, 20, 24, 27,
45 20, 24, 27, 30, 24, 27, 30, 34 }
46 };
47
48 static const uint8_t default_scaling8[2][64] = {
49 { 6, 10, 13, 16, 18, 23, 25, 27,
50 10, 11, 16, 18, 23, 25, 27, 29,
51 13, 16, 18, 23, 25, 27, 29, 31,
52 16, 18, 23, 25, 27, 29, 31, 33,
53 18, 23, 25, 27, 29, 31, 33, 36,
54 23, 25, 27, 29, 31, 33, 36, 38,
55 25, 27, 29, 31, 33, 36, 38, 40,
56 27, 29, 31, 33, 36, 38, 40, 42 },
57 { 9, 13, 15, 17, 19, 21, 22, 24,
58 13, 13, 17, 19, 21, 22, 24, 25,
59 15, 17, 19, 21, 22, 24, 25, 27,
60 17, 19, 21, 22, 24, 25, 27, 28,
61 19, 21, 22, 24, 25, 27, 28, 30,
62 21, 22, 24, 25, 27, 28, 30, 32,
63 22, 24, 25, 27, 28, 30, 32, 33,
64 24, 25, 27, 28, 30, 32, 33, 35 }
65 };
66
67 /* maximum number of MBs in the DPB for a given level */
68 static const int level_max_dpb_mbs[][2] = {
69 { 10, 396 },
70 { 11, 900 },
71 { 12, 2376 },
72 { 13, 2376 },
73 { 20, 2376 },
74 { 21, 4752 },
75 { 22, 8100 },
76 { 30, 8100 },
77 { 31, 18000 },
78 { 32, 20480 },
79 { 40, 32768 },
80 { 41, 32768 },
81 { 42, 34816 },
82 { 50, 110400 },
83 { 51, 184320 },
84 { 52, 184320 },
85 };
86
remove_pps(H264ParamSets * s,int id)87 static void remove_pps(H264ParamSets *s, int id)
88 {
89 av_buffer_unref(&s->pps_list[id]);
90 }
91
remove_sps(H264ParamSets * s,int id)92 static void remove_sps(H264ParamSets *s, int id)
93 {
94 #if 0
95 int i;
96 if (s->sps_list[id]) {
97 /* drop all PPS that depend on this SPS */
98 for (i = 0; i < FF_ARRAY_ELEMS(s->pps_list); i++)
99 if (s->pps_list[i] && ((PPS*)s->pps_list[i]->data)->sps_id == id)
100 remove_pps(s, i);
101 }
102 #endif
103 av_buffer_unref(&s->sps_list[id]);
104 }
105
decode_hrd_parameters(GetBitContext * gb,void * logctx,SPS * sps)106 static inline int decode_hrd_parameters(GetBitContext *gb, void *logctx,
107 SPS *sps)
108 {
109 int cpb_count, i;
110 cpb_count = get_ue_golomb_31(gb) + 1;
111
112 if (cpb_count > 32U) {
113 av_log(logctx, AV_LOG_ERROR, "cpb_count %d invalid\n", cpb_count);
114 return AVERROR_INVALIDDATA;
115 }
116
117 get_bits(gb, 4); /* bit_rate_scale */
118 get_bits(gb, 4); /* cpb_size_scale */
119 for (i = 0; i < cpb_count; i++) {
120 get_ue_golomb_long(gb); /* bit_rate_value_minus1 */
121 get_ue_golomb_long(gb); /* cpb_size_value_minus1 */
122 get_bits1(gb); /* cbr_flag */
123 }
124 sps->initial_cpb_removal_delay_length = get_bits(gb, 5) + 1;
125 sps->cpb_removal_delay_length = get_bits(gb, 5) + 1;
126 sps->dpb_output_delay_length = get_bits(gb, 5) + 1;
127 sps->time_offset_length = get_bits(gb, 5);
128 sps->cpb_cnt = cpb_count;
129 return 0;
130 }
131
decode_vui_parameters(GetBitContext * gb,void * logctx,SPS * sps)132 static inline int decode_vui_parameters(GetBitContext *gb, void *logctx,
133 SPS *sps)
134 {
135 int aspect_ratio_info_present_flag;
136 unsigned int aspect_ratio_idc;
137
138 aspect_ratio_info_present_flag = get_bits1(gb);
139
140 if (aspect_ratio_info_present_flag) {
141 aspect_ratio_idc = get_bits(gb, 8);
142 if (aspect_ratio_idc == EXTENDED_SAR) {
143 sps->sar.num = get_bits(gb, 16);
144 sps->sar.den = get_bits(gb, 16);
145 } else if (aspect_ratio_idc < FF_ARRAY_ELEMS(ff_h264_pixel_aspect)) {
146 sps->sar = ff_h264_pixel_aspect[aspect_ratio_idc];
147 } else {
148 av_log(logctx, AV_LOG_ERROR, "illegal aspect ratio\n");
149 return AVERROR_INVALIDDATA;
150 }
151 } else {
152 sps->sar.num =
153 sps->sar.den = 0;
154 }
155
156 if (get_bits1(gb)) /* overscan_info_present_flag */
157 get_bits1(gb); /* overscan_appropriate_flag */
158
159 sps->video_signal_type_present_flag = get_bits1(gb);
160 if (sps->video_signal_type_present_flag) {
161 get_bits(gb, 3); /* video_format */
162 sps->full_range = get_bits1(gb); /* video_full_range_flag */
163
164 sps->colour_description_present_flag = get_bits1(gb);
165 if (sps->colour_description_present_flag) {
166 sps->color_primaries = get_bits(gb, 8); /* colour_primaries */
167 sps->color_trc = get_bits(gb, 8); /* transfer_characteristics */
168 sps->colorspace = get_bits(gb, 8); /* matrix_coefficients */
169
170 // Set invalid values to "unspecified"
171 if (!av_color_primaries_name(sps->color_primaries))
172 sps->color_primaries = AVCOL_PRI_UNSPECIFIED;
173 if (!av_color_transfer_name(sps->color_trc))
174 sps->color_trc = AVCOL_TRC_UNSPECIFIED;
175 if (!av_color_space_name(sps->colorspace))
176 sps->colorspace = AVCOL_SPC_UNSPECIFIED;
177 }
178 }
179
180 /* chroma_location_info_present_flag */
181 if (get_bits1(gb)) {
182 /* chroma_sample_location_type_top_field */
183 sps->chroma_location = get_ue_golomb_31(gb) + 1;
184 get_ue_golomb_31(gb); /* chroma_sample_location_type_bottom_field */
185 } else
186 sps->chroma_location = AVCHROMA_LOC_LEFT;
187
188 if (show_bits1(gb) && get_bits_left(gb) < 10) {
189 av_log(logctx, AV_LOG_WARNING, "Truncated VUI (%d)\n", get_bits_left(gb));
190 return 0;
191 }
192
193 sps->timing_info_present_flag = get_bits1(gb);
194 if (sps->timing_info_present_flag) {
195 unsigned num_units_in_tick = get_bits_long(gb, 32);
196 unsigned time_scale = get_bits_long(gb, 32);
197 if (!num_units_in_tick || !time_scale) {
198 av_log(logctx, AV_LOG_ERROR,
199 "time_scale/num_units_in_tick invalid or unsupported (%u/%u)\n",
200 time_scale, num_units_in_tick);
201 sps->timing_info_present_flag = 0;
202 } else {
203 sps->num_units_in_tick = num_units_in_tick;
204 sps->time_scale = time_scale;
205 }
206 sps->fixed_frame_rate_flag = get_bits1(gb);
207 }
208
209 sps->nal_hrd_parameters_present_flag = get_bits1(gb);
210 if (sps->nal_hrd_parameters_present_flag)
211 if (decode_hrd_parameters(gb, logctx, sps) < 0)
212 return AVERROR_INVALIDDATA;
213 sps->vcl_hrd_parameters_present_flag = get_bits1(gb);
214 if (sps->vcl_hrd_parameters_present_flag)
215 if (decode_hrd_parameters(gb, logctx, sps) < 0)
216 return AVERROR_INVALIDDATA;
217 if (sps->nal_hrd_parameters_present_flag ||
218 sps->vcl_hrd_parameters_present_flag)
219 get_bits1(gb); /* low_delay_hrd_flag */
220 sps->pic_struct_present_flag = get_bits1(gb);
221 if (!get_bits_left(gb))
222 return 0;
223 sps->bitstream_restriction_flag = get_bits1(gb);
224 if (sps->bitstream_restriction_flag) {
225 get_bits1(gb); /* motion_vectors_over_pic_boundaries_flag */
226 get_ue_golomb_31(gb); /* max_bytes_per_pic_denom */
227 get_ue_golomb_31(gb); /* max_bits_per_mb_denom */
228 get_ue_golomb_31(gb); /* log2_max_mv_length_horizontal */
229 get_ue_golomb_31(gb); /* log2_max_mv_length_vertical */
230 sps->num_reorder_frames = get_ue_golomb_31(gb);
231 get_ue_golomb_31(gb); /*max_dec_frame_buffering*/
232
233 if (get_bits_left(gb) < 0) {
234 sps->num_reorder_frames = 0;
235 sps->bitstream_restriction_flag = 0;
236 }
237
238 if (sps->num_reorder_frames > 16U
239 /* max_dec_frame_buffering || max_dec_frame_buffering > 16 */) {
240 av_log(logctx, AV_LOG_ERROR,
241 "Clipping illegal num_reorder_frames %d\n",
242 sps->num_reorder_frames);
243 sps->num_reorder_frames = 16;
244 return AVERROR_INVALIDDATA;
245 }
246 }
247
248 return 0;
249 }
250
decode_scaling_list(GetBitContext * gb,uint8_t * factors,int size,const uint8_t * jvt_list,const uint8_t * fallback_list)251 static int decode_scaling_list(GetBitContext *gb, uint8_t *factors, int size,
252 const uint8_t *jvt_list,
253 const uint8_t *fallback_list)
254 {
255 int i, last = 8, next = 8;
256 const uint8_t *scan = size == 16 ? ff_zigzag_scan : ff_zigzag_direct;
257 if (!get_bits1(gb)) /* matrix not written, we use the predicted one */
258 memcpy(factors, fallback_list, size * sizeof(uint8_t));
259 else
260 for (i = 0; i < size; i++) {
261 if (next) {
262 int v = get_se_golomb(gb);
263 if (v < -128 || v > 127) {
264 av_log(NULL, AV_LOG_ERROR, "delta scale %d is invalid\n", v);
265 return AVERROR_INVALIDDATA;
266 }
267 next = (last + v) & 0xff;
268 }
269 if (!i && !next) { /* matrix not written, we use the preset one */
270 memcpy(factors, jvt_list, size * sizeof(uint8_t));
271 break;
272 }
273 last = factors[scan[i]] = next ? next : last;
274 }
275 return 0;
276 }
277
278 /* returns non zero if the provided SPS scaling matrix has been filled */
decode_scaling_matrices(GetBitContext * gb,const SPS * sps,const PPS * pps,int is_sps,uint8_t (* scaling_matrix4)[16],uint8_t (* scaling_matrix8)[64])279 static int decode_scaling_matrices(GetBitContext *gb, const SPS *sps,
280 const PPS *pps, int is_sps,
281 uint8_t(*scaling_matrix4)[16],
282 uint8_t(*scaling_matrix8)[64])
283 {
284 int fallback_sps = !is_sps && sps->scaling_matrix_present;
285 const uint8_t *fallback[4] = {
286 fallback_sps ? sps->scaling_matrix4[0] : default_scaling4[0],
287 fallback_sps ? sps->scaling_matrix4[3] : default_scaling4[1],
288 fallback_sps ? sps->scaling_matrix8[0] : default_scaling8[0],
289 fallback_sps ? sps->scaling_matrix8[3] : default_scaling8[1]
290 };
291 int ret = 0;
292 if (get_bits1(gb)) {
293 ret |= decode_scaling_list(gb, scaling_matrix4[0], 16, default_scaling4[0], fallback[0]); // Intra, Y
294 ret |= decode_scaling_list(gb, scaling_matrix4[1], 16, default_scaling4[0], scaling_matrix4[0]); // Intra, Cr
295 ret |= decode_scaling_list(gb, scaling_matrix4[2], 16, default_scaling4[0], scaling_matrix4[1]); // Intra, Cb
296 ret |= decode_scaling_list(gb, scaling_matrix4[3], 16, default_scaling4[1], fallback[1]); // Inter, Y
297 ret |= decode_scaling_list(gb, scaling_matrix4[4], 16, default_scaling4[1], scaling_matrix4[3]); // Inter, Cr
298 ret |= decode_scaling_list(gb, scaling_matrix4[5], 16, default_scaling4[1], scaling_matrix4[4]); // Inter, Cb
299 if (is_sps || pps->transform_8x8_mode) {
300 ret |= decode_scaling_list(gb, scaling_matrix8[0], 64, default_scaling8[0], fallback[2]); // Intra, Y
301 ret |= decode_scaling_list(gb, scaling_matrix8[3], 64, default_scaling8[1], fallback[3]); // Inter, Y
302 if (sps->chroma_format_idc == 3) {
303 ret |= decode_scaling_list(gb, scaling_matrix8[1], 64, default_scaling8[0], scaling_matrix8[0]); // Intra, Cr
304 ret |= decode_scaling_list(gb, scaling_matrix8[4], 64, default_scaling8[1], scaling_matrix8[3]); // Inter, Cr
305 ret |= decode_scaling_list(gb, scaling_matrix8[2], 64, default_scaling8[0], scaling_matrix8[1]); // Intra, Cb
306 ret |= decode_scaling_list(gb, scaling_matrix8[5], 64, default_scaling8[1], scaling_matrix8[4]); // Inter, Cb
307 }
308 }
309 if (!ret)
310 ret = is_sps;
311 }
312
313 return ret;
314 }
315
ff_h264_ps_uninit(H264ParamSets * ps)316 void ff_h264_ps_uninit(H264ParamSets *ps)
317 {
318 int i;
319
320 for (i = 0; i < MAX_SPS_COUNT; i++)
321 av_buffer_unref(&ps->sps_list[i]);
322
323 for (i = 0; i < MAX_PPS_COUNT; i++)
324 av_buffer_unref(&ps->pps_list[i]);
325
326 av_buffer_unref(&ps->pps_ref);
327
328 ps->pps = NULL;
329 ps->sps = NULL;
330 }
331
ff_h264_decode_seq_parameter_set(GetBitContext * gb,AVCodecContext * avctx,H264ParamSets * ps,int ignore_truncation)332 int ff_h264_decode_seq_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
333 H264ParamSets *ps, int ignore_truncation)
334 {
335 AVBufferRef *sps_buf;
336 int profile_idc, level_idc, constraint_set_flags = 0;
337 unsigned int sps_id;
338 int i, log2_max_frame_num_minus4;
339 SPS *sps;
340 int ret;
341
342 sps_buf = av_buffer_allocz(sizeof(*sps));
343 if (!sps_buf)
344 return AVERROR(ENOMEM);
345 sps = (SPS*)sps_buf->data;
346
347 sps->data_size = gb->buffer_end - gb->buffer;
348 if (sps->data_size > sizeof(sps->data)) {
349 av_log(avctx, AV_LOG_DEBUG, "Truncating likely oversized SPS\n");
350 sps->data_size = sizeof(sps->data);
351 }
352 memcpy(sps->data, gb->buffer, sps->data_size);
353
354 // Re-add the removed stop bit (may be used by hwaccels).
355 if (!(gb->size_in_bits & 7) && sps->data_size < sizeof(sps->data))
356 sps->data[sps->data_size++] = 0x80;
357
358 profile_idc = get_bits(gb, 8);
359 constraint_set_flags |= get_bits1(gb) << 0; // constraint_set0_flag
360 constraint_set_flags |= get_bits1(gb) << 1; // constraint_set1_flag
361 constraint_set_flags |= get_bits1(gb) << 2; // constraint_set2_flag
362 constraint_set_flags |= get_bits1(gb) << 3; // constraint_set3_flag
363 constraint_set_flags |= get_bits1(gb) << 4; // constraint_set4_flag
364 constraint_set_flags |= get_bits1(gb) << 5; // constraint_set5_flag
365 skip_bits(gb, 2); // reserved_zero_2bits
366 level_idc = get_bits(gb, 8);
367 sps_id = get_ue_golomb_31(gb);
368
369 if (sps_id >= MAX_SPS_COUNT) {
370 av_log(avctx, AV_LOG_ERROR, "sps_id %u out of range\n", sps_id);
371 goto fail;
372 }
373
374 sps->sps_id = sps_id;
375 sps->time_offset_length = 24;
376 sps->profile_idc = profile_idc;
377 sps->constraint_set_flags = constraint_set_flags;
378 sps->level_idc = level_idc;
379 sps->full_range = -1;
380
381 memset(sps->scaling_matrix4, 16, sizeof(sps->scaling_matrix4));
382 memset(sps->scaling_matrix8, 16, sizeof(sps->scaling_matrix8));
383 sps->scaling_matrix_present = 0;
384 sps->colorspace = 2; //AVCOL_SPC_UNSPECIFIED
385
386 if (sps->profile_idc == 100 || // High profile
387 sps->profile_idc == 110 || // High10 profile
388 sps->profile_idc == 122 || // High422 profile
389 sps->profile_idc == 244 || // High444 Predictive profile
390 sps->profile_idc == 44 || // Cavlc444 profile
391 sps->profile_idc == 83 || // Scalable Constrained High profile (SVC)
392 sps->profile_idc == 86 || // Scalable High Intra profile (SVC)
393 sps->profile_idc == 118 || // Stereo High profile (MVC)
394 sps->profile_idc == 128 || // Multiview High profile (MVC)
395 sps->profile_idc == 138 || // Multiview Depth High profile (MVCD)
396 sps->profile_idc == 144) { // old High444 profile
397 sps->chroma_format_idc = get_ue_golomb_31(gb);
398 if (sps->chroma_format_idc > 3U) {
399 avpriv_request_sample(avctx, "chroma_format_idc %u",
400 sps->chroma_format_idc);
401 goto fail;
402 } else if (sps->chroma_format_idc == 3) {
403 sps->residual_color_transform_flag = get_bits1(gb);
404 if (sps->residual_color_transform_flag) {
405 av_log(avctx, AV_LOG_ERROR, "separate color planes are not supported\n");
406 goto fail;
407 }
408 }
409 sps->bit_depth_luma = get_ue_golomb_31(gb) + 8;
410 sps->bit_depth_chroma = get_ue_golomb_31(gb) + 8;
411 if (sps->bit_depth_chroma != sps->bit_depth_luma) {
412 avpriv_request_sample(avctx,
413 "Different chroma and luma bit depth");
414 goto fail;
415 }
416 if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 14 ||
417 sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 14) {
418 av_log(avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n",
419 sps->bit_depth_luma, sps->bit_depth_chroma);
420 goto fail;
421 }
422 sps->transform_bypass = get_bits1(gb);
423 ret = decode_scaling_matrices(gb, sps, NULL, 1,
424 sps->scaling_matrix4, sps->scaling_matrix8);
425 if (ret < 0)
426 goto fail;
427 sps->scaling_matrix_present |= ret;
428 } else {
429 sps->chroma_format_idc = 1;
430 sps->bit_depth_luma = 8;
431 sps->bit_depth_chroma = 8;
432 }
433
434 log2_max_frame_num_minus4 = get_ue_golomb_31(gb);
435 if (log2_max_frame_num_minus4 < MIN_LOG2_MAX_FRAME_NUM - 4 ||
436 log2_max_frame_num_minus4 > MAX_LOG2_MAX_FRAME_NUM - 4) {
437 av_log(avctx, AV_LOG_ERROR,
438 "log2_max_frame_num_minus4 out of range (0-12): %d\n",
439 log2_max_frame_num_minus4);
440 goto fail;
441 }
442 sps->log2_max_frame_num = log2_max_frame_num_minus4 + 4;
443
444 sps->poc_type = get_ue_golomb_31(gb);
445
446 if (sps->poc_type == 0) { // FIXME #define
447 unsigned t = get_ue_golomb_31(gb);
448 if (t>12) {
449 av_log(avctx, AV_LOG_ERROR, "log2_max_poc_lsb (%d) is out of range\n", t);
450 goto fail;
451 }
452 sps->log2_max_poc_lsb = t + 4;
453 } else if (sps->poc_type == 1) { // FIXME #define
454 sps->delta_pic_order_always_zero_flag = get_bits1(gb);
455 sps->offset_for_non_ref_pic = get_se_golomb_long(gb);
456 sps->offset_for_top_to_bottom_field = get_se_golomb_long(gb);
457
458 if ( sps->offset_for_non_ref_pic == INT32_MIN
459 || sps->offset_for_top_to_bottom_field == INT32_MIN
460 ) {
461 av_log(avctx, AV_LOG_ERROR,
462 "offset_for_non_ref_pic or offset_for_top_to_bottom_field is out of range\n");
463 goto fail;
464 }
465
466 sps->poc_cycle_length = get_ue_golomb(gb);
467
468 if ((unsigned)sps->poc_cycle_length >=
469 FF_ARRAY_ELEMS(sps->offset_for_ref_frame)) {
470 av_log(avctx, AV_LOG_ERROR,
471 "poc_cycle_length overflow %d\n", sps->poc_cycle_length);
472 goto fail;
473 }
474
475 for (i = 0; i < sps->poc_cycle_length; i++) {
476 sps->offset_for_ref_frame[i] = get_se_golomb_long(gb);
477 if (sps->offset_for_ref_frame[i] == INT32_MIN) {
478 av_log(avctx, AV_LOG_ERROR,
479 "offset_for_ref_frame is out of range\n");
480 goto fail;
481 }
482 }
483 } else if (sps->poc_type != 2) {
484 av_log(avctx, AV_LOG_ERROR, "illegal POC type %d\n", sps->poc_type);
485 goto fail;
486 }
487
488 sps->ref_frame_count = get_ue_golomb_31(gb);
489 if (avctx->codec_tag == MKTAG('S', 'M', 'V', '2'))
490 sps->ref_frame_count = FFMAX(2, sps->ref_frame_count);
491 if (sps->ref_frame_count > H264_MAX_DPB_FRAMES) {
492 av_log(avctx, AV_LOG_ERROR,
493 "too many reference frames %d\n", sps->ref_frame_count);
494 goto fail;
495 }
496 sps->gaps_in_frame_num_allowed_flag = get_bits1(gb);
497 sps->mb_width = get_ue_golomb(gb) + 1;
498 sps->mb_height = get_ue_golomb(gb) + 1;
499
500 sps->frame_mbs_only_flag = get_bits1(gb);
501
502 if (sps->mb_height >= INT_MAX / 2U) {
503 av_log(avctx, AV_LOG_ERROR, "height overflow\n");
504 goto fail;
505 }
506 sps->mb_height *= 2 - sps->frame_mbs_only_flag;
507
508 if (!sps->frame_mbs_only_flag)
509 sps->mb_aff = get_bits1(gb);
510 else
511 sps->mb_aff = 0;
512
513 if ((unsigned)sps->mb_width >= INT_MAX / 16 ||
514 (unsigned)sps->mb_height >= INT_MAX / 16 ||
515 av_image_check_size(16 * sps->mb_width,
516 16 * sps->mb_height, 0, avctx)) {
517 av_log(avctx, AV_LOG_ERROR, "mb_width/height overflow\n");
518 goto fail;
519 }
520
521 sps->direct_8x8_inference_flag = get_bits1(gb);
522
523 sps->crop = get_bits1(gb);
524 if (sps->crop) {
525 unsigned int crop_left = get_ue_golomb(gb);
526 unsigned int crop_right = get_ue_golomb(gb);
527 unsigned int crop_top = get_ue_golomb(gb);
528 unsigned int crop_bottom = get_ue_golomb(gb);
529 int width = 16 * sps->mb_width;
530 int height = 16 * sps->mb_height;
531
532 if (avctx->flags2 & AV_CODEC_FLAG2_IGNORE_CROP) {
533 av_log(avctx, AV_LOG_DEBUG, "discarding sps cropping, original "
534 "values are l:%d r:%d t:%d b:%d\n",
535 crop_left, crop_right, crop_top, crop_bottom);
536
537 sps->crop_left =
538 sps->crop_right =
539 sps->crop_top =
540 sps->crop_bottom = 0;
541 } else {
542 int vsub = (sps->chroma_format_idc == 1) ? 1 : 0;
543 int hsub = (sps->chroma_format_idc == 1 ||
544 sps->chroma_format_idc == 2) ? 1 : 0;
545 int step_x = 1 << hsub;
546 int step_y = (2 - sps->frame_mbs_only_flag) << vsub;
547
548 if (crop_left > (unsigned)INT_MAX / 4 / step_x ||
549 crop_right > (unsigned)INT_MAX / 4 / step_x ||
550 crop_top > (unsigned)INT_MAX / 4 / step_y ||
551 crop_bottom> (unsigned)INT_MAX / 4 / step_y ||
552 (crop_left + crop_right ) * step_x >= width ||
553 (crop_top + crop_bottom) * step_y >= height
554 ) {
555 av_log(avctx, AV_LOG_ERROR, "crop values invalid %d %d %d %d / %d %d\n", crop_left, crop_right, crop_top, crop_bottom, width, height);
556 goto fail;
557 }
558
559 sps->crop_left = crop_left * step_x;
560 sps->crop_right = crop_right * step_x;
561 sps->crop_top = crop_top * step_y;
562 sps->crop_bottom = crop_bottom * step_y;
563 }
564 } else {
565 sps->crop_left =
566 sps->crop_right =
567 sps->crop_top =
568 sps->crop_bottom =
569 sps->crop = 0;
570 }
571
572 sps->vui_parameters_present_flag = get_bits1(gb);
573 if (sps->vui_parameters_present_flag) {
574 int ret = decode_vui_parameters(gb, avctx, sps);
575 if (ret < 0)
576 goto fail;
577 }
578
579 if (get_bits_left(gb) < 0) {
580 av_log_once(avctx, ignore_truncation ? AV_LOG_WARNING : AV_LOG_ERROR, AV_LOG_DEBUG,
581 &ps->overread_warning_printed[sps->vui_parameters_present_flag],
582 "Overread %s by %d bits\n", sps->vui_parameters_present_flag ? "VUI" : "SPS", -get_bits_left(gb));
583 if (!ignore_truncation)
584 goto fail;
585 }
586
587 /* if the maximum delay is not stored in the SPS, derive it based on the
588 * level */
589 if (!sps->bitstream_restriction_flag &&
590 (sps->ref_frame_count || avctx->strict_std_compliance >= FF_COMPLIANCE_STRICT)) {
591 sps->num_reorder_frames = H264_MAX_DPB_FRAMES - 1;
592 for (i = 0; i < FF_ARRAY_ELEMS(level_max_dpb_mbs); i++) {
593 if (level_max_dpb_mbs[i][0] == sps->level_idc) {
594 sps->num_reorder_frames = FFMIN(level_max_dpb_mbs[i][1] / (sps->mb_width * sps->mb_height),
595 sps->num_reorder_frames);
596 break;
597 }
598 }
599 }
600
601 if (!sps->sar.den)
602 sps->sar.den = 1;
603
604 if (avctx->debug & FF_DEBUG_PICT_INFO) {
605 static const char csp[4][5] = { "Gray", "420", "422", "444" };
606 av_log(avctx, AV_LOG_DEBUG,
607 "sps:%u profile:%d/%d poc:%d ref:%d %dx%d %s %s crop:%u/%u/%u/%u %s %s %"PRId32"/%"PRId32" b%d reo:%d\n",
608 sps_id, sps->profile_idc, sps->level_idc,
609 sps->poc_type,
610 sps->ref_frame_count,
611 sps->mb_width, sps->mb_height,
612 sps->frame_mbs_only_flag ? "FRM" : (sps->mb_aff ? "MB-AFF" : "PIC-AFF"),
613 sps->direct_8x8_inference_flag ? "8B8" : "",
614 sps->crop_left, sps->crop_right,
615 sps->crop_top, sps->crop_bottom,
616 sps->vui_parameters_present_flag ? "VUI" : "",
617 csp[sps->chroma_format_idc],
618 sps->timing_info_present_flag ? sps->num_units_in_tick : 0,
619 sps->timing_info_present_flag ? sps->time_scale : 0,
620 sps->bit_depth_luma,
621 sps->bitstream_restriction_flag ? sps->num_reorder_frames : -1
622 );
623 }
624
625 /* check if this is a repeat of an already parsed SPS, then keep the
626 * original one.
627 * otherwise drop all PPSes that depend on it */
628 if (ps->sps_list[sps_id] &&
629 !memcmp(ps->sps_list[sps_id]->data, sps_buf->data, sps_buf->size)) {
630 av_buffer_unref(&sps_buf);
631 } else {
632 remove_sps(ps, sps_id);
633 ps->sps_list[sps_id] = sps_buf;
634 }
635
636 return 0;
637
638 fail:
639 av_buffer_unref(&sps_buf);
640 return AVERROR_INVALIDDATA;
641 }
642
init_dequant8_coeff_table(PPS * pps,const SPS * sps)643 static void init_dequant8_coeff_table(PPS *pps, const SPS *sps)
644 {
645 int i, j, q, x;
646 const int max_qp = 51 + 6 * (sps->bit_depth_luma - 8);
647
648 for (i = 0; i < 6; i++) {
649 pps->dequant8_coeff[i] = pps->dequant8_buffer[i];
650 for (j = 0; j < i; j++)
651 if (!memcmp(pps->scaling_matrix8[j], pps->scaling_matrix8[i],
652 64 * sizeof(uint8_t))) {
653 pps->dequant8_coeff[i] = pps->dequant8_buffer[j];
654 break;
655 }
656 if (j < i)
657 continue;
658
659 for (q = 0; q < max_qp + 1; q++) {
660 int shift = ff_h264_quant_div6[q];
661 int idx = ff_h264_quant_rem6[q];
662 for (x = 0; x < 64; x++)
663 pps->dequant8_coeff[i][q][(x >> 3) | ((x & 7) << 3)] =
664 ((uint32_t)ff_h264_dequant8_coeff_init[idx][ff_h264_dequant8_coeff_init_scan[((x >> 1) & 12) | (x & 3)]] *
665 pps->scaling_matrix8[i][x]) << shift;
666 }
667 }
668 }
669
init_dequant4_coeff_table(PPS * pps,const SPS * sps)670 static void init_dequant4_coeff_table(PPS *pps, const SPS *sps)
671 {
672 int i, j, q, x;
673 const int max_qp = 51 + 6 * (sps->bit_depth_luma - 8);
674 for (i = 0; i < 6; i++) {
675 pps->dequant4_coeff[i] = pps->dequant4_buffer[i];
676 for (j = 0; j < i; j++)
677 if (!memcmp(pps->scaling_matrix4[j], pps->scaling_matrix4[i],
678 16 * sizeof(uint8_t))) {
679 pps->dequant4_coeff[i] = pps->dequant4_buffer[j];
680 break;
681 }
682 if (j < i)
683 continue;
684
685 for (q = 0; q < max_qp + 1; q++) {
686 int shift = ff_h264_quant_div6[q] + 2;
687 int idx = ff_h264_quant_rem6[q];
688 for (x = 0; x < 16; x++)
689 pps->dequant4_coeff[i][q][(x >> 2) | ((x << 2) & 0xF)] =
690 ((uint32_t)ff_h264_dequant4_coeff_init[idx][(x & 1) + ((x >> 2) & 1)] *
691 pps->scaling_matrix4[i][x]) << shift;
692 }
693 }
694 }
695
init_dequant_tables(PPS * pps,const SPS * sps)696 static void init_dequant_tables(PPS *pps, const SPS *sps)
697 {
698 int i, x;
699 init_dequant4_coeff_table(pps, sps);
700 memset(pps->dequant8_coeff, 0, sizeof(pps->dequant8_coeff));
701
702 if (pps->transform_8x8_mode)
703 init_dequant8_coeff_table(pps, sps);
704 if (sps->transform_bypass) {
705 for (i = 0; i < 6; i++)
706 for (x = 0; x < 16; x++)
707 pps->dequant4_coeff[i][0][x] = 1 << 6;
708 if (pps->transform_8x8_mode)
709 for (i = 0; i < 6; i++)
710 for (x = 0; x < 64; x++)
711 pps->dequant8_coeff[i][0][x] = 1 << 6;
712 }
713 }
714
build_qp_table(PPS * pps,int t,int index,const int depth)715 static void build_qp_table(PPS *pps, int t, int index, const int depth)
716 {
717 int i;
718 const int max_qp = 51 + 6 * (depth - 8);
719 for (i = 0; i < max_qp + 1; i++)
720 pps->chroma_qp_table[t][i] =
721 ff_h264_chroma_qp[depth - 8][av_clip(i + index, 0, max_qp)];
722 }
723
more_rbsp_data_in_pps(const SPS * sps,void * logctx)724 static int more_rbsp_data_in_pps(const SPS *sps, void *logctx)
725 {
726 int profile_idc = sps->profile_idc;
727
728 if ((profile_idc == 66 || profile_idc == 77 ||
729 profile_idc == 88) && (sps->constraint_set_flags & 7)) {
730 av_log(logctx, AV_LOG_VERBOSE,
731 "Current profile doesn't provide more RBSP data in PPS, skipping\n");
732 return 0;
733 }
734
735 return 1;
736 }
737
pps_free(void * opaque,uint8_t * data)738 static void pps_free(void *opaque, uint8_t *data)
739 {
740 PPS *pps = (PPS*)data;
741
742 av_buffer_unref(&pps->sps_ref);
743
744 av_freep(&data);
745 }
746
ff_h264_decode_picture_parameter_set(GetBitContext * gb,AVCodecContext * avctx,H264ParamSets * ps,int bit_length)747 int ff_h264_decode_picture_parameter_set(GetBitContext *gb, AVCodecContext *avctx,
748 H264ParamSets *ps, int bit_length)
749 {
750 AVBufferRef *pps_buf;
751 const SPS *sps;
752 unsigned int pps_id = get_ue_golomb(gb);
753 PPS *pps;
754 int qp_bd_offset;
755 int bits_left;
756 int ret;
757
758 if (pps_id >= MAX_PPS_COUNT) {
759 av_log(avctx, AV_LOG_ERROR, "pps_id %u out of range\n", pps_id);
760 return AVERROR_INVALIDDATA;
761 }
762
763 pps = av_mallocz(sizeof(*pps));
764 if (!pps)
765 return AVERROR(ENOMEM);
766 pps_buf = av_buffer_create((uint8_t*)pps, sizeof(*pps),
767 pps_free, NULL, 0);
768 if (!pps_buf) {
769 av_freep(&pps);
770 return AVERROR(ENOMEM);
771 }
772
773 pps->data_size = gb->buffer_end - gb->buffer;
774 if (pps->data_size > sizeof(pps->data)) {
775 av_log(avctx, AV_LOG_DEBUG, "Truncating likely oversized PPS "
776 "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
777 pps->data_size, sizeof(pps->data));
778 pps->data_size = sizeof(pps->data);
779 }
780 memcpy(pps->data, gb->buffer, pps->data_size);
781
782 // Re-add the removed stop bit (may be used by hwaccels).
783 if (!(bit_length & 7) && pps->data_size < sizeof(pps->data))
784 pps->data[pps->data_size++] = 0x80;
785
786 pps->sps_id = get_ue_golomb_31(gb);
787 if ((unsigned)pps->sps_id >= MAX_SPS_COUNT ||
788 !ps->sps_list[pps->sps_id]) {
789 av_log(avctx, AV_LOG_ERROR, "sps_id %u out of range\n", pps->sps_id);
790 ret = AVERROR_INVALIDDATA;
791 goto fail;
792 }
793 pps->sps_ref = av_buffer_ref(ps->sps_list[pps->sps_id]);
794 if (!pps->sps_ref) {
795 ret = AVERROR(ENOMEM);
796 goto fail;
797 }
798 pps->sps = (const SPS*)pps->sps_ref->data;
799 sps = pps->sps;
800
801 if (sps->bit_depth_luma > 14) {
802 av_log(avctx, AV_LOG_ERROR,
803 "Invalid luma bit depth=%d\n",
804 sps->bit_depth_luma);
805 ret = AVERROR_INVALIDDATA;
806 goto fail;
807 } else if (sps->bit_depth_luma == 11 || sps->bit_depth_luma == 13) {
808 avpriv_report_missing_feature(avctx,
809 "Unimplemented luma bit depth=%d",
810 sps->bit_depth_luma);
811 ret = AVERROR_PATCHWELCOME;
812 goto fail;
813 }
814
815 pps->cabac = get_bits1(gb);
816 pps->pic_order_present = get_bits1(gb);
817 pps->slice_group_count = get_ue_golomb(gb) + 1;
818 if (pps->slice_group_count > 1) {
819 pps->mb_slice_group_map_type = get_ue_golomb(gb);
820 avpriv_report_missing_feature(avctx, "FMO");
821 ret = AVERROR_PATCHWELCOME;
822 goto fail;
823 }
824 pps->ref_count[0] = get_ue_golomb(gb) + 1;
825 pps->ref_count[1] = get_ue_golomb(gb) + 1;
826 if (pps->ref_count[0] - 1 > 32 - 1 || pps->ref_count[1] - 1 > 32 - 1) {
827 av_log(avctx, AV_LOG_ERROR, "reference overflow (pps)\n");
828 ret = AVERROR_INVALIDDATA;
829 goto fail;
830 }
831
832 qp_bd_offset = 6 * (sps->bit_depth_luma - 8);
833
834 pps->weighted_pred = get_bits1(gb);
835 pps->weighted_bipred_idc = get_bits(gb, 2);
836 pps->init_qp = get_se_golomb(gb) + 26U + qp_bd_offset;
837 pps->init_qs = get_se_golomb(gb) + 26U + qp_bd_offset;
838 pps->chroma_qp_index_offset[0] = get_se_golomb(gb);
839 if (pps->chroma_qp_index_offset[0] < -12 || pps->chroma_qp_index_offset[0] > 12) {
840 ret = AVERROR_INVALIDDATA;
841 goto fail;
842 }
843
844 pps->deblocking_filter_parameters_present = get_bits1(gb);
845 pps->constrained_intra_pred = get_bits1(gb);
846 pps->redundant_pic_cnt_present = get_bits1(gb);
847
848 pps->transform_8x8_mode = 0;
849 memcpy(pps->scaling_matrix4, sps->scaling_matrix4,
850 sizeof(pps->scaling_matrix4));
851 memcpy(pps->scaling_matrix8, sps->scaling_matrix8,
852 sizeof(pps->scaling_matrix8));
853
854 bits_left = bit_length - get_bits_count(gb);
855 if (bits_left > 0 && more_rbsp_data_in_pps(sps, avctx)) {
856 pps->transform_8x8_mode = get_bits1(gb);
857 ret = decode_scaling_matrices(gb, sps, pps, 0,
858 pps->scaling_matrix4, pps->scaling_matrix8);
859 if (ret < 0)
860 goto fail;
861 // second_chroma_qp_index_offset
862 pps->chroma_qp_index_offset[1] = get_se_golomb(gb);
863 if (pps->chroma_qp_index_offset[1] < -12 || pps->chroma_qp_index_offset[1] > 12) {
864 ret = AVERROR_INVALIDDATA;
865 goto fail;
866 }
867 } else {
868 pps->chroma_qp_index_offset[1] = pps->chroma_qp_index_offset[0];
869 }
870
871 build_qp_table(pps, 0, pps->chroma_qp_index_offset[0],
872 sps->bit_depth_luma);
873 build_qp_table(pps, 1, pps->chroma_qp_index_offset[1],
874 sps->bit_depth_luma);
875
876 init_dequant_tables(pps, sps);
877
878 if (pps->chroma_qp_index_offset[0] != pps->chroma_qp_index_offset[1])
879 pps->chroma_qp_diff = 1;
880
881 if (avctx->debug & FF_DEBUG_PICT_INFO) {
882 av_log(avctx, AV_LOG_DEBUG,
883 "pps:%u sps:%u %s slice_groups:%d ref:%u/%u %s qp:%d/%d/%d/%d %s %s %s %s\n",
884 pps_id, pps->sps_id,
885 pps->cabac ? "CABAC" : "CAVLC",
886 pps->slice_group_count,
887 pps->ref_count[0], pps->ref_count[1],
888 pps->weighted_pred ? "weighted" : "",
889 pps->init_qp, pps->init_qs, pps->chroma_qp_index_offset[0], pps->chroma_qp_index_offset[1],
890 pps->deblocking_filter_parameters_present ? "LPAR" : "",
891 pps->constrained_intra_pred ? "CONSTR" : "",
892 pps->redundant_pic_cnt_present ? "REDU" : "",
893 pps->transform_8x8_mode ? "8x8DCT" : "");
894 }
895
896 remove_pps(ps, pps_id);
897 ps->pps_list[pps_id] = pps_buf;
898
899 return 0;
900
901 fail:
902 av_buffer_unref(&pps_buf);
903 return ret;
904 }
905