PR #22372 opened by James Almer (jamrial) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22372 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22372.patch
A new Sequence Header or a Temporal Delimiter OBU invalidate any previous frame if not yet complete (As is the case of missing Tile Groups). Similarly, a new Frame Header invalidates any onging Tile Group parsing. >From 2bd285a9410d2d15281aa178d5869a40db36edce Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Tue, 3 Mar 2026 18:33:28 -0300 Subject: [PATCH 1/2] avcodec/cbs_av1: don't try to write a Redundant Frame Header as a normal one Section 6.8.1 of the AV1 specification states: "If obu_type is equal to OBU_REDUNDANT_FRAME_HEADER, it is a requirement of bitstream conformance that SeenFrameHeader is equal to 1." Leave the existing behavior for reading scenarios as such a file may still be readable. Signed-off-by: James Almer <[email protected]> --- libavcodec/cbs_av1_syntax_template.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/cbs_av1_syntax_template.c b/libavcodec/cbs_av1_syntax_template.c index 5518544a4d..86b9a31614 100644 --- a/libavcodec/cbs_av1_syntax_template.c +++ b/libavcodec/cbs_av1_syntax_template.c @@ -1758,7 +1758,15 @@ static int FUNC(frame_header_obu)(CodedBitstreamContext *ctx, RWContext *rw, } } else { if (redundant) +#ifdef READ HEADER("Redundant Frame Header (used as Frame Header)"); +#else + { + av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid redundant " + "frame header OBU.\n"); + return AVERROR_INVALIDDATA; + } +#endif else HEADER("Frame Header"); -- 2.52.0 >From 3acad35b861326f35fd8b072ddcb49cb64a031e2 Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Tue, 3 Mar 2026 18:36:17 -0300 Subject: [PATCH 2/2] avcodec/av1dec: sync frame header and tile group behavior with CBS A new Sequence Header or a Temporal Delimiter OBU invalidate any previous frame if not yet complete (As is the case of missing Tile Groups). Similarly, a new Frame Header invalidates any onging Tile Group parsing. Fixes: out of array access Fixes: av1dec_tile_desync.mp4 Fixes: av1dec_tile_desync_bypass.mp4 Signed-off-by: James Almer <[email protected]> --- libavcodec/av1dec.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index 1dffc7c1b9..ba8442077a 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -1307,6 +1307,8 @@ static int av1_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame) av_refstruct_replace(&s->seq_ref, unit->content_ref); s->raw_seq = &obu->obu.sequence_header; + s->raw_frame_header = NULL; + raw_tile_group = NULL; ret = set_context_with_sequence(avctx, s->raw_seq); if (ret < 0) { @@ -1343,6 +1345,8 @@ static int av1_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame) av_refstruct_replace(&s->header_ref, unit->content_ref); + raw_tile_group = NULL; + if (unit->type == AV1_OBU_FRAME) s->raw_frame_header = &obu->obu.frame.header; else @@ -1415,8 +1419,11 @@ static int av1_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame) } } break; - case AV1_OBU_TILE_LIST: case AV1_OBU_TEMPORAL_DELIMITER: + s->raw_frame_header = NULL; + raw_tile_group = NULL; + // fall-through + case AV1_OBU_TILE_LIST: case AV1_OBU_PADDING: break; case AV1_OBU_METADATA: -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
