mirror of https://github.com/FFmpeg/FFmpeg.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
411 lines
12 KiB
411 lines
12 KiB
/* |
|
* Jpeg XL header verification |
|
* Copyright (c) 2022 Leo Izen <leo.izen@gmail.com> |
|
* |
|
* This file is part of FFmpeg. |
|
* |
|
* FFmpeg is free software; you can redistribute it and/or |
|
* modify it under the terms of the GNU Lesser General Public |
|
* License as published by the Free Software Foundation; either |
|
* version 2.1 of the License, or (at your option) any later version. |
|
* |
|
* FFmpeg is distributed in the hope that it will be useful, |
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
* Lesser General Public License for more details. |
|
* |
|
* You should have received a copy of the GNU Lesser General Public |
|
* License along with FFmpeg; if not, write to the Free Software |
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
|
*/ |
|
|
|
#include "jpegxl_probe.h" |
|
|
|
#define UNCHECKED_BITSTREAM_READER 0 |
|
#define BITSTREAM_READER_LE |
|
#include "libavcodec/get_bits.h" |
|
|
|
enum JpegXLExtraChannelType { |
|
FF_JPEGXL_CT_ALPHA = 0, |
|
FF_JPEGXL_CT_DEPTH, |
|
FF_JPEGXL_CT_SPOT_COLOR, |
|
FF_JPEGXL_CT_SELECTION_MASK, |
|
FF_JPEGXL_CT_BLACK, |
|
FF_JPEGXL_CT_CFA, |
|
FF_JPEGXL_CT_THERMAL, |
|
FF_JPEGXL_CT_NON_OPTIONAL = 15, |
|
FF_JPEGXL_CT_OPTIONAL |
|
}; |
|
|
|
enum JpegXLColorSpace { |
|
FF_JPEGXL_CS_RGB = 0, |
|
FF_JPEGXL_CS_GRAY, |
|
FF_JPEGXL_CS_XYB, |
|
FF_JPEGXL_CS_UNKNOWN |
|
}; |
|
|
|
enum JpegXLWhitePoint { |
|
FF_JPEGXL_WP_D65 = 1, |
|
FF_JPEGXL_WP_CUSTOM, |
|
FF_JPEGXL_WP_E = 10, |
|
FF_JPEGXL_WP_DCI = 11 |
|
}; |
|
|
|
enum JpegXLPrimaries { |
|
FF_JPEGXL_PR_SRGB = 1, |
|
FF_JPEGXL_PR_CUSTOM, |
|
FF_JPEGXL_PR_2100 = 9, |
|
FF_JPEGXL_PR_P3 = 11, |
|
}; |
|
|
|
/* read a U32(c_i + u(u_i)) */ |
|
static av_always_inline uint32_t jxl_u32(GetBitContext *gb, |
|
uint32_t c0, uint32_t c1, uint32_t c2, uint32_t c3, |
|
uint32_t u0, uint32_t u1, uint32_t u2, uint32_t u3) |
|
{ |
|
const uint32_t constants[4] = {c0, c1, c2, c3}; |
|
const uint32_t ubits [4] = {u0, u1, u2, u3}; |
|
uint32_t ret, choice = get_bits(gb, 2); |
|
|
|
ret = constants[choice]; |
|
if (ubits[choice]) |
|
ret += get_bits_long(gb, ubits[choice]); |
|
|
|
return ret; |
|
} |
|
|
|
static av_always_inline uint32_t jxl_enum(GetBitContext *gb) |
|
{ |
|
return jxl_u32(gb, 0, 1, 2, 18, 0, 0, 4, 6); |
|
} |
|
|
|
/* read a U64() */ |
|
static uint64_t jpegxl_u64(GetBitContext *gb) |
|
{ |
|
uint64_t shift = 12, ret; |
|
|
|
switch (get_bits(gb, 2)) { |
|
case 0: |
|
ret = 0; |
|
break; |
|
case 1: |
|
ret = 1 + get_bits(gb, 4); |
|
break; |
|
case 2: |
|
ret = 17 + get_bits(gb, 8); |
|
break; |
|
case 3: |
|
ret = get_bits(gb, 12); |
|
while (get_bits1(gb)) { |
|
if (shift < 60) { |
|
ret |= (uint64_t)get_bits(gb, 8) << shift; |
|
shift += 8; |
|
} else { |
|
ret |= (uint64_t)get_bits(gb, 4) << shift; |
|
break; |
|
} |
|
} |
|
break; |
|
} |
|
|
|
return ret; |
|
} |
|
|
|
static uint32_t jpegxl_width_from_ratio(uint32_t height, int ratio) |
|
{ |
|
uint64_t height64 = height; /* avoid integer overflow */ |
|
switch (ratio) { |
|
case 1: |
|
return height; |
|
case 2: |
|
return (uint32_t)((height64 * 12) / 10); |
|
case 3: |
|
return (uint32_t)((height64 * 4) / 3); |
|
case 4: |
|
return (uint32_t)((height64 * 3) / 2); |
|
case 5: |
|
return (uint32_t)((height64 * 16) / 9); |
|
case 6: |
|
return (uint32_t)((height64 * 5) / 4); |
|
case 7: |
|
return (uint32_t)(height64 * 2); |
|
default: |
|
break; |
|
} |
|
|
|
return 0; /* manual width */ |
|
} |
|
|
|
/** |
|
* validate a Jpeg XL Size Header |
|
* @return >= 0 upon valid size, < 0 upon invalid size found |
|
*/ |
|
static int jpegxl_read_size_header(GetBitContext *gb) |
|
{ |
|
uint32_t width, height; |
|
|
|
if (get_bits1(gb)) { |
|
/* small size header */ |
|
height = (get_bits(gb, 5) + 1) << 3; |
|
width = jpegxl_width_from_ratio(height, get_bits(gb, 3)); |
|
if (!width) |
|
width = (get_bits(gb, 5) + 1) << 3; |
|
} else { |
|
/* large size header */ |
|
height = 1 + jxl_u32(gb, 0, 0, 0, 0, 9, 13, 18, 30); |
|
width = jpegxl_width_from_ratio(height, get_bits(gb, 3)); |
|
if (!width) |
|
width = 1 + jxl_u32(gb, 0, 0, 0, 0, 9, 13, 18, 30); |
|
} |
|
if (width > (1 << 18) || height > (1 << 18) |
|
|| (width >> 4) * (height >> 4) > (1 << 20)) |
|
return -1; |
|
|
|
return 0; |
|
} |
|
|
|
/** |
|
* validate a Jpeg XL Preview Header |
|
* @return >= 0 upon valid size, < 0 upon invalid size found |
|
*/ |
|
static int jpegxl_read_preview_header(GetBitContext *gb) |
|
{ |
|
uint32_t width, height; |
|
|
|
if (get_bits1(gb)) { |
|
/* coded height and width divided by eight */ |
|
height = jxl_u32(gb, 16, 32, 1, 33, 0, 0, 5, 9) << 3; |
|
width = jpegxl_width_from_ratio(height, get_bits(gb, 3)); |
|
if (!width) |
|
width = jxl_u32(gb, 16, 32, 1, 33, 0, 0, 5, 9) << 3; |
|
} else { |
|
/* full height and width coded */ |
|
height = jxl_u32(gb, 1, 65, 321, 1345, 6, 8, 10, 12); |
|
width = jpegxl_width_from_ratio(height, get_bits(gb, 3)); |
|
if (!width) |
|
width = jxl_u32(gb, 1, 65, 321, 1345, 6, 8, 10, 12); |
|
} |
|
if (width > 4096 || height > 4096) |
|
return -1; |
|
|
|
return 0; |
|
} |
|
|
|
/** |
|
* skip a Jpeg XL BitDepth Header. These cannot be invalid. |
|
*/ |
|
static void jpegxl_skip_bit_depth(GetBitContext *gb) |
|
{ |
|
if (get_bits1(gb)) { |
|
/* float samples */ |
|
jxl_u32(gb, 32, 16, 24, 1, 0, 0, 0, 6); /* mantissa */ |
|
skip_bits_long(gb, 4); /* exponent */ |
|
} else { |
|
/* integer samples */ |
|
jxl_u32(gb, 8, 10, 12, 1, 0, 0, 0, 6); |
|
} |
|
} |
|
|
|
/** |
|
* validate a Jpeg XL Extra Channel Info bundle |
|
* @return >= 0 upon valid, < 0 upon invalid |
|
*/ |
|
static int jpegxl_read_extra_channel_info(GetBitContext *gb) |
|
{ |
|
int all_default = get_bits1(gb); |
|
uint32_t type, name_len = 0; |
|
|
|
if (!all_default) { |
|
type = jxl_enum(gb); |
|
if (type > 63) |
|
return -1; /* enum types cannot be 64+ */ |
|
if (type == FF_JPEGXL_CT_BLACK) |
|
return -1; |
|
jpegxl_skip_bit_depth(gb); |
|
jxl_u32(gb, 0, 3, 4, 1, 0, 0, 0, 3); /* dim-shift */ |
|
/* max of name_len is 1071 = 48 + 2^10 - 1 */ |
|
name_len = jxl_u32(gb, 0, 0, 16, 48, 0, 4, 5, 10); |
|
} else { |
|
type = FF_JPEGXL_CT_ALPHA; |
|
} |
|
|
|
/* skip over the name */ |
|
skip_bits_long(gb, 8 * name_len); |
|
|
|
if (!all_default && type == FF_JPEGXL_CT_ALPHA) |
|
skip_bits1(gb); |
|
|
|
if (type == FF_JPEGXL_CT_SPOT_COLOR) |
|
skip_bits_long(gb, 16 * 4); |
|
|
|
if (type == FF_JPEGXL_CT_CFA) |
|
jxl_u32(gb, 1, 0, 3, 19, 0, 2, 4, 8); |
|
|
|
return 0; |
|
} |
|
|
|
/* verify that a codestream header is valid */ |
|
int ff_jpegxl_verify_codestream_header(const uint8_t *buf, int buflen) |
|
{ |
|
GetBitContext gbi, *gb = &gbi; |
|
int all_default, extra_fields = 0; |
|
int xyb_encoded = 1, have_icc_profile = 0; |
|
uint32_t num_extra_channels; |
|
uint64_t extensions; |
|
int ret; |
|
|
|
ret = init_get_bits8(gb, buf, buflen); |
|
if (ret < 0) |
|
return ret; |
|
|
|
if (get_bits_long(gb, 16) != FF_JPEGXL_CODESTREAM_SIGNATURE_LE) |
|
return -1; |
|
|
|
if ((ret = jpegxl_read_size_header(gb)) < 0) |
|
return ret; |
|
|
|
all_default = get_bits1(gb); |
|
if (!all_default) |
|
extra_fields = get_bits1(gb); |
|
|
|
if (extra_fields) { |
|
skip_bits_long(gb, 3); /* orientation */ |
|
|
|
/* |
|
* intrinstic size |
|
* any size header here is valid, but as it |
|
* is variable length we have to read it |
|
*/ |
|
if (get_bits1(gb)) |
|
jpegxl_read_size_header(gb); |
|
|
|
/* preview header */ |
|
if (get_bits1(gb)) { |
|
ret = jpegxl_read_preview_header(gb); |
|
if (ret < 0) |
|
return ret; |
|
} |
|
|
|
/* animation header */ |
|
if (get_bits1(gb)) { |
|
jxl_u32(gb, 100, 1000, 1, 1, 0, 0, 10, 30); |
|
jxl_u32(gb, 1, 1001, 1, 1, 0, 0, 8, 10); |
|
jxl_u32(gb, 0, 0, 0, 0, 0, 3, 16, 32); |
|
skip_bits_long(gb, 1); |
|
} |
|
} |
|
if (get_bits_left(gb) < 1) |
|
return AVERROR_INVALIDDATA; |
|
|
|
if (!all_default) { |
|
jpegxl_skip_bit_depth(gb); |
|
|
|
/* modular_16bit_buffers must equal 1 */ |
|
if (!get_bits1(gb)) |
|
return -1; |
|
|
|
num_extra_channels = jxl_u32(gb, 0, 1, 2, 1, 0, 0, 4, 12); |
|
if (num_extra_channels > 4) |
|
return -1; |
|
for (uint32_t i = 0; i < num_extra_channels; i++) { |
|
ret = jpegxl_read_extra_channel_info(gb); |
|
if (ret < 0) |
|
return ret; |
|
if (get_bits_left(gb) < 1) |
|
return AVERROR_INVALIDDATA; |
|
} |
|
|
|
xyb_encoded = get_bits1(gb); |
|
|
|
/* color encoding bundle */ |
|
if (!get_bits1(gb)) { |
|
uint32_t color_space; |
|
have_icc_profile = get_bits1(gb); |
|
color_space = jxl_enum(gb); |
|
if (color_space > 63) |
|
return -1; |
|
|
|
if (!have_icc_profile) { |
|
if (color_space != FF_JPEGXL_CS_XYB) { |
|
uint32_t white_point = jxl_enum(gb); |
|
if (white_point > 63) |
|
return -1; |
|
if (white_point == FF_JPEGXL_WP_CUSTOM) { |
|
/* ux and uy values */ |
|
jxl_u32(gb, 0, 524288, 1048576, 2097152, 19, 19, 20, 21); |
|
jxl_u32(gb, 0, 524288, 1048576, 2097152, 19, 19, 20, 21); |
|
} |
|
if (color_space != FF_JPEGXL_CS_GRAY) { |
|
/* primaries */ |
|
uint32_t primaries = jxl_enum(gb); |
|
if (primaries > 63) |
|
return -1; |
|
if (primaries == FF_JPEGXL_PR_CUSTOM) { |
|
/* ux/uy values for r,g,b */ |
|
for (int i = 0; i < 6; i++) { |
|
jxl_u32(gb, 0, 524288, 1048576, 2097152, 19, 19, 20, 21); |
|
if (get_bits_left(gb) < 1) |
|
return AVERROR_INVALIDDATA; |
|
} |
|
} |
|
} |
|
} |
|
|
|
/* transfer characteristics */ |
|
if (get_bits1(gb)) { |
|
/* gamma */ |
|
skip_bits_long(gb, 24); |
|
} else { |
|
/* transfer function */ |
|
if (jxl_enum(gb) > 63) |
|
return -1; |
|
} |
|
|
|
/* rendering intent */ |
|
if (jxl_enum(gb) > 63) |
|
return -1; |
|
} |
|
} |
|
|
|
/* tone mapping bundle */ |
|
if (extra_fields && !get_bits1(gb)) |
|
skip_bits_long(gb, 16 + 16 + 1 + 16); |
|
|
|
extensions = jpegxl_u64(gb); |
|
if (get_bits_left(gb) < 1) |
|
return AVERROR_INVALIDDATA; |
|
if (extensions) { |
|
for (int i = 0; i < 64; i++) { |
|
if (extensions & (UINT64_C(1) << i)) |
|
jpegxl_u64(gb); |
|
if (get_bits_left(gb) < 1) |
|
return AVERROR_INVALIDDATA; |
|
} |
|
} |
|
} |
|
|
|
/* default transform */ |
|
if (!get_bits1(gb)) { |
|
/* opsin inverse matrix */ |
|
if (xyb_encoded && !get_bits1(gb)) |
|
skip_bits_long(gb, 16 * 16); |
|
/* cw_mask and default weights */ |
|
if (get_bits1(gb)) |
|
skip_bits_long(gb, 16 * 15); |
|
if (get_bits1(gb)) |
|
skip_bits_long(gb, 16 * 55); |
|
if (get_bits1(gb)) |
|
skip_bits_long(gb, 16 * 210); |
|
} |
|
|
|
if (!have_icc_profile) { |
|
int bits_remaining = 7 - (get_bits_count(gb) - 1) % 8; |
|
if (bits_remaining && get_bits(gb, bits_remaining)) |
|
return -1; |
|
} |
|
|
|
if (get_bits_left(gb) < 0) |
|
return -1; |
|
|
|
return 0; |
|
}
|
|
|