Codebase list libde265 / 1b27a99
Remove patches now part of upstream release. Joachim Bauch 1 year, 6 months ago
8 changed file(s) with 0 addition(s) and 451 deletion(s). Raw diff Collapse all Expand all
+0
-50
debian/patches/0001-CVE-2022-1253.patch less more
0 From 8e89fe0e175d2870c39486fdd09250b230ec10b8 Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 5 Apr 2022 09:52:57 +0200
3 Subject: [PATCH] error on out-of-range cpb_cnt_minus1 (oss-fuzz issue 27590)
4
5 ---
6 libde265/sps.cc | 5 ++++-
7 libde265/vui.cc | 6 ++++++
8 2 files changed, 10 insertions(+), 1 deletion(-)
9
10 Index: libde265-1.0.8/libde265/sps.cc
11 ===================================================================
12 --- libde265-1.0.8.orig/libde265/sps.cc
13 +++ libde265-1.0.8/libde265/sps.cc
14 @@ -425,7 +425,10 @@ de265_error seq_parameter_set::read(erro
15
16 vui_parameters_present_flag = get_bits(br,1);
17 if (vui_parameters_present_flag) {
18 - vui.read(errqueue, br, this);
19 + de265_error err = vui.read(errqueue, br, this);
20 + if (err) {
21 + return err;
22 + }
23 }
24
25
26 Index: libde265-1.0.8/libde265/vui.cc
27 ===================================================================
28 --- libde265-1.0.8.orig/libde265/vui.cc
29 +++ libde265-1.0.8/libde265/vui.cc
30 @@ -201,6 +201,9 @@ de265_error video_usability_information:
31 if (!low_delay_hrd_flag[i])
32 {
33 READ_VLC_OFFSET(cpb_cnt_minus1[i], uvlc, 0);
34 + if (cpb_cnt_minus1[i] > 31) {
35 + return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE;
36 + }
37 }
38
39 for (nalOrVcl = 0; nalOrVcl < 2; nalOrVcl++)
40 @@ -361,6 +364,9 @@ de265_error video_usability_information:
41 if (vui_hrd_parameters_present_flag) {
42 de265_error err;
43 err = hrd_parameters(errqueue, br, sps);
44 + if (err) {
45 + return err;
46 + }
47 }
48 }
49
+0
-85
debian/patches/0001-fill-32x32-scaling-matrices.patch less more
0 From 7d5aeb5f11531de33f5b7ae0e768ffc50da4facb Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 23 Feb 2021 16:29:01 +0100
3 Subject: [PATCH] fill 32x32 scaling matrices
4
5 ---
6 libde265/sps.cc | 25 +++++++++++++++++++++++--
7 libde265/sps.h | 2 +-
8 libde265/transform.cc | 4 +---
9 3 files changed, 25 insertions(+), 6 deletions(-)
10
11 Index: libde265-1.0.8/libde265/sps.cc
12 ===================================================================
13 --- libde265-1.0.8.orig/libde265/sps.cc
14 +++ libde265-1.0.8/libde265/sps.cc
15 @@ -873,10 +873,10 @@ de265_error read_scaling_list(bitreader*
16 int dc_coeff[4][6];
17
18 for (int sizeId=0;sizeId<4;sizeId++) {
19 - int n = ((sizeId==3) ? 2 : 6);
20 + //int n = ((sizeId==3) ? 2 : 6);
21 uint8_t scaling_list[6][32*32];
22
23 - for (int matrixId=0;matrixId<n;matrixId++) {
24 + for (int matrixId=0 ; matrixId<6 ; matrixId += (sizeId==3 ? 3 : 1)) {
25 uint8_t* curr_scaling_list = scaling_list[matrixId];
26 int scaling_list_dc_coef;
27
28 @@ -982,6 +982,27 @@ de265_error read_scaling_list(bitreader*
29 }
30 }
31
32 +
33 + // --- fill 32x32 matrices for chroma
34 +
35 + const position* scan = get_scan_order(3, 0 /* diag */);
36 +
37 + for (int matrixId=0;matrixId<6;matrixId++)
38 + if (matrixId!=0 && matrixId!=3) {
39 + for (int i=0;i<64;i++) {
40 + int x = scan[i].x;
41 + int y = scan[i].y;
42 + int v = sclist->ScalingFactor_Size1[matrixId][y][x];
43 +
44 + for (int dy=0;dy<4;dy++)
45 + for (int dx=0;dx<4;dx++) {
46 + sclist->ScalingFactor_Size3[matrixId][4*y+dy][4*x+dx] = v;
47 + }
48 + }
49 +
50 + sclist->ScalingFactor_Size3[matrixId][0][0] = sclist->ScalingFactor_Size1[matrixId][0][0];
51 + }
52 +
53 return DE265_OK;
54 }
55
56 Index: libde265-1.0.8/libde265/sps.h
57 ===================================================================
58 --- libde265-1.0.8.orig/libde265/sps.h
59 +++ libde265-1.0.8/libde265/sps.h
60 @@ -54,7 +54,7 @@ typedef struct scaling_list_data {
61 uint8_t ScalingFactor_Size0[6][4][4];
62 uint8_t ScalingFactor_Size1[6][8][8];
63 uint8_t ScalingFactor_Size2[6][16][16];
64 - uint8_t ScalingFactor_Size3[2][32][32];
65 + uint8_t ScalingFactor_Size3[6][32][32];
66 } scaling_list_data;
67
68
69 Index: libde265-1.0.8/libde265/transform.cc
70 ===================================================================
71 --- libde265-1.0.8.orig/libde265/transform.cc
72 +++ libde265-1.0.8/libde265/transform.cc
73 @@ -504,10 +504,8 @@ void scale_coefficients_internal(thread_
74
75 for (int i=0;i<tctx->nCoeff[cIdx];i++) {
76 int pos = tctx->coeffPos[cIdx][i];
77 - int x = pos%nT;
78 - int y = pos/nT;
79
80 - const int m_x_y = sclist[x+y*nT];
81 + const int m_x_y = sclist[pos];
82 const int fact = m_x_y * levelScale[qP%6] << (qP/6);
83
84 int64_t currCoeff = tctx->coeffList[cIdx][i];
+0
-168
debian/patches/0002-CVE-2021-36411.patch less more
0 From 45904e5667c5bf59c67fcdc586dfba110832894c Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 5 Apr 2022 20:00:20 +0200
3 Subject: [PATCH] fix reading invalid images where shdr references are NULL in
4 part of the image (#302)
5
6 ---
7 libde265/deblock.cc | 127 +++++++++++++++++++++++---------------------
8 libde265/sao.cc | 5 +-
9 2 files changed, 70 insertions(+), 62 deletions(-)
10
11 diff --git a/libde265/deblock.cc b/libde265/deblock.cc
12 index 62428832..60fd2ca1 100644
13 --- a/libde265/deblock.cc
14 +++ b/libde265/deblock.cc
15 @@ -295,67 +295,72 @@ void derive_boundaryStrength(de265_image* img, bool vertical, int yStart,int yEn
16 slice_segment_header* shdrP = img->get_SliceHeader(xDiOpp,yDiOpp);
17 slice_segment_header* shdrQ = img->get_SliceHeader(xDi ,yDi);
18
19 - int refPicP0 = mviP.predFlag[0] ? shdrP->RefPicList[0][ mviP.refIdx[0] ] : -1;
20 - int refPicP1 = mviP.predFlag[1] ? shdrP->RefPicList[1][ mviP.refIdx[1] ] : -1;
21 - int refPicQ0 = mviQ.predFlag[0] ? shdrQ->RefPicList[0][ mviQ.refIdx[0] ] : -1;
22 - int refPicQ1 = mviQ.predFlag[1] ? shdrQ->RefPicList[1][ mviQ.refIdx[1] ] : -1;
23 -
24 - bool samePics = ((refPicP0==refPicQ0 && refPicP1==refPicQ1) ||
25 - (refPicP0==refPicQ1 && refPicP1==refPicQ0));
26 -
27 - if (!samePics) {
28 - bS = 1;
29 - }
30 - else {
31 - MotionVector mvP0 = mviP.mv[0]; if (!mviP.predFlag[0]) { mvP0.x=mvP0.y=0; }
32 - MotionVector mvP1 = mviP.mv[1]; if (!mviP.predFlag[1]) { mvP1.x=mvP1.y=0; }
33 - MotionVector mvQ0 = mviQ.mv[0]; if (!mviQ.predFlag[0]) { mvQ0.x=mvQ0.y=0; }
34 - MotionVector mvQ1 = mviQ.mv[1]; if (!mviQ.predFlag[1]) { mvQ1.x=mvQ1.y=0; }
35 -
36 - int numMV_P = mviP.predFlag[0] + mviP.predFlag[1];
37 - int numMV_Q = mviQ.predFlag[0] + mviQ.predFlag[1];
38 -
39 - if (numMV_P!=numMV_Q) {
40 - img->decctx->add_warning(DE265_WARNING_NUMMVP_NOT_EQUAL_TO_NUMMVQ, false);
41 - img->integrity = INTEGRITY_DECODING_ERRORS;
42 - }
43 -
44 - // two different reference pictures or only one reference picture
45 - if (refPicP0 != refPicP1) {
46 -
47 - if (refPicP0 == refPicQ0) {
48 - if (abs_value(mvP0.x-mvQ0.x) >= 4 ||
49 - abs_value(mvP0.y-mvQ0.y) >= 4 ||
50 - abs_value(mvP1.x-mvQ1.x) >= 4 ||
51 - abs_value(mvP1.y-mvQ1.y) >= 4) {
52 - bS = 1;
53 - }
54 - }
55 - else {
56 - if (abs_value(mvP0.x-mvQ1.x) >= 4 ||
57 - abs_value(mvP0.y-mvQ1.y) >= 4 ||
58 - abs_value(mvP1.x-mvQ0.x) >= 4 ||
59 - abs_value(mvP1.y-mvQ0.y) >= 4) {
60 - bS = 1;
61 - }
62 - }
63 - }
64 - else {
65 - assert(refPicQ0==refPicQ1);
66 -
67 - if ((abs_value(mvP0.x-mvQ0.x) >= 4 ||
68 - abs_value(mvP0.y-mvQ0.y) >= 4 ||
69 - abs_value(mvP1.x-mvQ1.x) >= 4 ||
70 - abs_value(mvP1.y-mvQ1.y) >= 4)
71 - &&
72 - (abs_value(mvP0.x-mvQ1.x) >= 4 ||
73 - abs_value(mvP0.y-mvQ1.y) >= 4 ||
74 - abs_value(mvP1.x-mvQ0.x) >= 4 ||
75 - abs_value(mvP1.y-mvQ0.y) >= 4)) {
76 - bS = 1;
77 - }
78 - }
79 - }
80 + if (shdrP && shdrQ) {
81 + int refPicP0 = mviP.predFlag[0] ? shdrP->RefPicList[0][ mviP.refIdx[0] ] : -1;
82 + int refPicP1 = mviP.predFlag[1] ? shdrP->RefPicList[1][ mviP.refIdx[1] ] : -1;
83 + int refPicQ0 = mviQ.predFlag[0] ? shdrQ->RefPicList[0][ mviQ.refIdx[0] ] : -1;
84 + int refPicQ1 = mviQ.predFlag[1] ? shdrQ->RefPicList[1][ mviQ.refIdx[1] ] : -1;
85 +
86 + bool samePics = ((refPicP0==refPicQ0 && refPicP1==refPicQ1) ||
87 + (refPicP0==refPicQ1 && refPicP1==refPicQ0));
88 +
89 + if (!samePics) {
90 + bS = 1;
91 + }
92 + else {
93 + MotionVector mvP0 = mviP.mv[0]; if (!mviP.predFlag[0]) { mvP0.x=mvP0.y=0; }
94 + MotionVector mvP1 = mviP.mv[1]; if (!mviP.predFlag[1]) { mvP1.x=mvP1.y=0; }
95 + MotionVector mvQ0 = mviQ.mv[0]; if (!mviQ.predFlag[0]) { mvQ0.x=mvQ0.y=0; }
96 + MotionVector mvQ1 = mviQ.mv[1]; if (!mviQ.predFlag[1]) { mvQ1.x=mvQ1.y=0; }
97 +
98 + int numMV_P = mviP.predFlag[0] + mviP.predFlag[1];
99 + int numMV_Q = mviQ.predFlag[0] + mviQ.predFlag[1];
100 +
101 + if (numMV_P!=numMV_Q) {
102 + img->decctx->add_warning(DE265_WARNING_NUMMVP_NOT_EQUAL_TO_NUMMVQ, false);
103 + img->integrity = INTEGRITY_DECODING_ERRORS;
104 + }
105 +
106 + // two different reference pictures or only one reference picture
107 + if (refPicP0 != refPicP1) {
108 +
109 + if (refPicP0 == refPicQ0) {
110 + if (abs_value(mvP0.x-mvQ0.x) >= 4 ||
111 + abs_value(mvP0.y-mvQ0.y) >= 4 ||
112 + abs_value(mvP1.x-mvQ1.x) >= 4 ||
113 + abs_value(mvP1.y-mvQ1.y) >= 4) {
114 + bS = 1;
115 + }
116 + }
117 + else {
118 + if (abs_value(mvP0.x-mvQ1.x) >= 4 ||
119 + abs_value(mvP0.y-mvQ1.y) >= 4 ||
120 + abs_value(mvP1.x-mvQ0.x) >= 4 ||
121 + abs_value(mvP1.y-mvQ0.y) >= 4) {
122 + bS = 1;
123 + }
124 + }
125 + }
126 + else {
127 + assert(refPicQ0==refPicQ1);
128 +
129 + if ((abs_value(mvP0.x-mvQ0.x) >= 4 ||
130 + abs_value(mvP0.y-mvQ0.y) >= 4 ||
131 + abs_value(mvP1.x-mvQ1.x) >= 4 ||
132 + abs_value(mvP1.y-mvQ1.y) >= 4)
133 + &&
134 + (abs_value(mvP0.x-mvQ1.x) >= 4 ||
135 + abs_value(mvP0.y-mvQ1.y) >= 4 ||
136 + abs_value(mvP1.x-mvQ0.x) >= 4 ||
137 + abs_value(mvP1.y-mvQ0.y) >= 4)) {
138 + bS = 1;
139 + }
140 + }
141 + }
142 + }
143 + else {
144 + bS = 0; // if shdrP==NULL or shdrQ==NULL
145 + }
146
147 /*
148 printf("unimplemented deblocking code for CU at %d;%d\n",xDi,yDi);
149 diff --git a/libde265/sao.cc b/libde265/sao.cc
150 index f93fc02a..ed8676ea 100644
151 --- a/libde265/sao.cc
152 +++ b/libde265/sao.cc
153 @@ -353,7 +353,10 @@ void apply_sample_adaptive_offset_sequential(de265_image* img)
154 for (int xCtb=0; xCtb<sps.PicWidthInCtbsY; xCtb++)
155 {
156 const slice_segment_header* shdr = img->get_SliceHeaderCtb(xCtb,yCtb);
157 - if (shdr==NULL) { return; }
158 + if (shdr==NULL) {
159 + delete[] inputCopy;
160 + return;
161 + }
162
163 if (cIdx==0 && shdr->slice_sao_luma_flag) {
164 apply_sao(img, xCtb,yCtb, shdr, 0, 1<<sps.Log2CtbSizeY, 1<<sps.Log2CtbSizeY,
165 --
166 2.34.1
167
+0
-25
debian/patches/0003-CVE-2021-36410.patch less more
0 From 697aa4f7c774abd6374596e6707a6f4f54265355 Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 5 Apr 2022 19:27:04 +0200
3 Subject: [PATCH] fix MC with HDR chroma, but SDR luma (#301)
4
5 ---
6 libde265/motion.cc | 2 +-
7 1 file changed, 1 insertion(+), 1 deletion(-)
8
9 diff --git a/libde265/motion.cc b/libde265/motion.cc
10 index deae2400..8bbfbde0 100644
11 --- a/libde265/motion.cc
12 +++ b/libde265/motion.cc
13 @@ -376,7 +376,7 @@ void generate_inter_prediction_samples(base_context* ctx,
14 refPic->get_luma_stride(), nPbW,nPbH, bit_depth_L);
15 }
16
17 - if (img->high_bit_depth(0)) {
18 + if (img->high_bit_depth(1)) {
19 mc_chroma(ctx, sps, vi->mv[l].x, vi->mv[l].y, xP,yP,
20 predSamplesC[0][l],nCS, (const uint16_t*)refPic->get_image_plane(1),
21 refPic->get_chroma_stride(), nPbW/SubWidthC,nPbH/SubHeightC, bit_depth_C);
22 --
23 2.34.1
24
+0
-58
debian/patches/0004-CVE-2021-36409.patch less more
0 From 64d591a6c70737604ca3f5791736fc462cbe8a3c Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 5 Apr 2022 17:53:43 +0200
3 Subject: [PATCH] fix assertion when reading invalid scaling_list (#300)
4
5 ---
6 libde265/sps.cc | 15 +++++++++------
7 1 file changed, 9 insertions(+), 6 deletions(-)
8
9 Index: libde265-1.0.8/libde265/sps.cc
10 ===================================================================
11 --- libde265-1.0.8.orig/libde265/sps.cc
12 +++ libde265-1.0.8/libde265/sps.cc
13 @@ -879,19 +879,23 @@ de265_error read_scaling_list(bitreader*
14 //int n = ((sizeId==3) ? 2 : 6);
15 uint8_t scaling_list[6][32*32];
16
17 + // Note: we use a different matrixId for the second matrix of size 3 (we use '3' instead of '1').
18 for (int matrixId=0 ; matrixId<6 ; matrixId += (sizeId==3 ? 3 : 1)) {
19 uint8_t* curr_scaling_list = scaling_list[matrixId];
20 int scaling_list_dc_coef;
21
22 - int canonicalMatrixId = matrixId;
23 - if (sizeId==3 && matrixId==1) { canonicalMatrixId=3; }
24 -
25
26 //printf("----- matrix %d\n",matrixId);
27
28 char scaling_list_pred_mode_flag = get_bits(br,1);
29 if (!scaling_list_pred_mode_flag) {
30 int scaling_list_pred_matrix_id_delta = get_uvlc(br);
31 +
32 + if (sizeId==3) {
33 + // adapt to our changed matrixId for size 3
34 + scaling_list_pred_matrix_id_delta *= 3;
35 + }
36 +
37 if (scaling_list_pred_matrix_id_delta == UVLC_ERROR ||
38 scaling_list_pred_matrix_id_delta > matrixId) {
39 return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE;
40 @@ -907,15 +911,14 @@ de265_error read_scaling_list(bitreader*
41 memcpy(curr_scaling_list, default_ScalingList_4x4, 16);
42 }
43 else {
44 - if (canonicalMatrixId<3)
45 + if (matrixId<3)
46 { memcpy(curr_scaling_list, default_ScalingList_8x8_intra,64); }
47 else
48 { memcpy(curr_scaling_list, default_ScalingList_8x8_inter,64); }
49 }
50 }
51 else {
52 - // TODO: CHECK: for sizeID=3 and the second matrix, should we have delta=1 or delta=3 ?
53 - if (sizeId==3) { assert(scaling_list_pred_matrix_id_delta==1); }
54 + if (sizeId==3) { assert(scaling_list_pred_matrix_id_delta==3); }
55
56 int mID = matrixId - scaling_list_pred_matrix_id_delta;
57
+0
-33
debian/patches/0005-CVE-2021-36408.patch less more
0 From f538254e4658ef5ea4e233c2185dcbfd165e8911 Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 5 Apr 2022 18:41:28 +0200
3 Subject: [PATCH] fix streams where SPS image size changes without refreshing
4 PPS (#299)
5
6 ---
7 libde265/decctx.cc | 9 +++++++++
8 1 file changed, 9 insertions(+)
9
10 diff --git a/libde265/decctx.cc b/libde265/decctx.cc
11 index edebb713..6701725f 100644
12 --- a/libde265/decctx.cc
13 +++ b/libde265/decctx.cc
14 @@ -562,6 +562,15 @@ de265_error decoder_context::read_sps_NAL(bitreader& reader)
15
16 sps[ new_sps->seq_parameter_set_id ] = new_sps;
17
18 + // Remove the all PPS that referenced the old SPS because parameters may have changed and we do not want to
19 + // get the SPS and PPS parameters (e.g. image size) out of sync.
20 +
21 + for (auto& p : pps) {
22 + if (p && p->seq_parameter_set_id == new_sps->seq_parameter_set_id) {
23 + p = nullptr;
24 + }
25 + }
26 +
27 return DE265_OK;
28 }
29
30 --
31 2.34.1
32
+0
-25
debian/patches/0006-CVE-2021-35452.patch less more
0 From e83f3798dd904aa579425c53020c67e03735138d Mon Sep 17 00:00:00 2001
1 From: Dirk Farin <dirk.farin@gmail.com>
2 Date: Tue, 5 Apr 2022 19:35:46 +0200
3 Subject: [PATCH] fix check for valid PPS idx (#298)
4
5 ---
6 libde265/slice.cc | 2 +-
7 1 file changed, 1 insertion(+), 1 deletion(-)
8
9 diff --git a/libde265/slice.cc b/libde265/slice.cc
10 index cca4d332..aacde0ce 100644
11 --- a/libde265/slice.cc
12 +++ b/libde265/slice.cc
13 @@ -373,7 +373,7 @@ de265_error slice_segment_header::read(bitreader* br, decoder_context* ctx,
14 }
15
16 slice_pic_parameter_set_id = get_uvlc(br);
17 - if (slice_pic_parameter_set_id > DE265_MAX_PPS_SETS ||
18 + if (slice_pic_parameter_set_id >= DE265_MAX_PPS_SETS ||
19 slice_pic_parameter_set_id == UVLC_ERROR) {
20 ctx->add_warning(DE265_WARNING_NONEXISTING_PPS_REFERENCED, false);
21 return DE265_OK;
22 --
23 2.34.1
24
+0
-7
debian/patches/series less more
00 only_export_decoder_api.patch
11 disable_tools.patch
2 0001-fill-32x32-scaling-matrices.patch
3 0001-CVE-2022-1253.patch
4 0002-CVE-2021-36411.patch
5 0003-CVE-2021-36410.patch
6 0004-CVE-2021-36409.patch
7 0005-CVE-2021-36408.patch
8 0006-CVE-2021-35452.patch