/work/libde265/libde265/nal-parser.cc
Line | Count | Source |
1 | | /* |
2 | | * H.265 video codec. |
3 | | * Copyright (c) 2013-2014 struktur AG, Dirk Farin <farin@struktur.de> |
4 | | * |
5 | | * This file is part of libde265. |
6 | | * |
7 | | * libde265 is free software: you can redistribute it and/or modify |
8 | | * it under the terms of the GNU Lesser General Public License as |
9 | | * published by the Free Software Foundation, either version 3 of |
10 | | * the License, or (at your option) any later version. |
11 | | * |
12 | | * libde265 is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU Lesser General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU Lesser General Public License |
18 | | * along with libde265. If not, see <http://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | #include "nal-parser.h" |
22 | | |
23 | | #include <string.h> |
24 | | #include <assert.h> |
25 | | #include <stdlib.h> |
26 | | #include <stdio.h> |
27 | | #include <stdint.h> |
28 | | #include <limits.h> |
29 | | |
30 | | #ifdef HAVE_CONFIG_H |
31 | | #include "config.h" |
32 | | #endif |
33 | | |
34 | | |
35 | | NAL_unit::NAL_unit() |
36 | 56.6k | : skipped_bytes(DE265_SKIPPED_BYTES_INITIAL_SIZE) |
37 | 56.6k | { |
38 | 56.6k | } |
39 | | |
40 | | NAL_unit::~NAL_unit() |
41 | 56.6k | { |
42 | 56.6k | free(nal_data); |
43 | 56.6k | } |
44 | | |
45 | | void NAL_unit::clear() |
46 | 56.6k | { |
47 | 56.6k | header = nal_header(); |
48 | 56.6k | pts = 0; |
49 | 56.6k | user_data = nullptr; |
50 | | |
51 | | // set size to zero but keep memory |
52 | 56.6k | data_size = 0; |
53 | | |
54 | 56.6k | skipped_bytes.clear(); |
55 | 56.6k | } |
56 | | |
57 | | LIBDE265_CHECK_RESULT bool NAL_unit::resize(int new_size) |
58 | 113k | { |
59 | 113k | if (capacity < new_size) { |
60 | | // Grow the buffer geometrically (1.5x) rather than to the exact requested |
61 | | // size. NAL_Parser::push_data() appends to the pending NAL one input chunk |
62 | | // at a time, increasing the request by a roughly constant amount each call. |
63 | | // With exact-size allocation every chunk would reallocate and copy the |
64 | | // whole accumulated buffer (O(n^2) for a single oversized NAL); spare |
65 | | // capacity amortizes the total copying to O(n). Here new_size > capacity >= 0, |
66 | | // so the 1.5x term is computed in 64 bits and only used when it both exceeds |
67 | | // the request and still fits in 'int'. |
68 | 1.97k | int alloc_size = new_size; |
69 | 1.97k | int64_t grow = static_cast<int64_t>(capacity) + capacity / 2; |
70 | 1.97k | if (grow > new_size && grow <= INT_MAX) { |
71 | 0 | alloc_size = static_cast<int>(grow); |
72 | 0 | } |
73 | | |
74 | 1.97k | unsigned char* newbuffer = static_cast<unsigned char*>(malloc(alloc_size)); |
75 | 1.97k | if (newbuffer == nullptr) { |
76 | 0 | return false; |
77 | 0 | } |
78 | | |
79 | 1.97k | if (nal_data != nullptr) { |
80 | 0 | memcpy(newbuffer, nal_data, data_size); |
81 | 0 | free(nal_data); |
82 | 0 | } |
83 | | |
84 | 1.97k | nal_data = newbuffer; |
85 | 1.97k | capacity = alloc_size; |
86 | 1.97k | } |
87 | 113k | return true; |
88 | 113k | } |
89 | | |
90 | | LIBDE265_CHECK_RESULT bool NAL_unit::append(const unsigned char* in_data, int n) |
91 | 0 | { |
92 | 0 | if (!resize(data_size + n)) { |
93 | 0 | return false; |
94 | 0 | } |
95 | 0 | memcpy(nal_data + data_size, in_data, n); |
96 | 0 | data_size += n; |
97 | 0 | return true; |
98 | 0 | } |
99 | | |
100 | | bool LIBDE265_CHECK_RESULT NAL_unit::set_data(const unsigned char* in_data, int n) |
101 | 56.6k | { |
102 | 56.6k | if (!resize(n)) { |
103 | 0 | return false; |
104 | 0 | } |
105 | 56.6k | memcpy(nal_data, in_data, n); |
106 | 56.6k | data_size = n; |
107 | 56.6k | return true; |
108 | 56.6k | } |
109 | | |
110 | | void NAL_unit::insert_skipped_byte(uint32_t pos) |
111 | 2.86k | { |
112 | 2.86k | skipped_bytes.push_back(pos); |
113 | 2.86k | } |
114 | | |
115 | | uint32_t NAL_unit::num_skipped_bytes_before(uint32_t byte_position, uint32_t headerLength) const |
116 | 0 | { |
117 | 0 | if (skipped_bytes.empty()) { |
118 | 0 | return 0; |
119 | 0 | } |
120 | | |
121 | 0 | for (int k=skipped_bytes.size()-1;k>=0;k--) |
122 | 0 | if (skipped_bytes[k] >= headerLength && |
123 | 0 | skipped_bytes[k]-headerLength <= byte_position) { |
124 | 0 | return k+1; |
125 | 0 | } |
126 | | |
127 | 0 | return 0; |
128 | 0 | } |
129 | | |
130 | | void NAL_unit::remove_stuffing_bytes() |
131 | 56.6k | { |
132 | | // Remove emulation-prevention bytes: every 0x03 that immediately follows two |
133 | | // 0x00 bytes is dropped (and the zero-run reset, so 00 00 03 03 keeps the |
134 | | // trailing 03). This is done in a single in-place forward-compaction pass in |
135 | | // O(n) time. A previous implementation called memmove() on the remaining tail |
136 | | // for each removed byte, which is O(n^2) and can be abused by a payload that |
137 | | // is densely packed with 00 00 03 triplets. |
138 | | |
139 | 56.6k | uint8_t* d = data(); |
140 | 56.6k | const int n = size(); |
141 | | |
142 | 56.6k | int w = 0; // write position == length of the compacted output so far |
143 | 56.6k | int zeros = 0; // number of consecutive 0x00 bytes already written to output |
144 | | |
145 | 691k | for (int r=0; r<n; r++) { |
146 | 634k | uint8_t b = d[r]; |
147 | | |
148 | 634k | if (zeros >= 2 && b == 3) { |
149 | | // 'r' is the position of this byte in the original (uncompacted) NAL, |
150 | | // which equals (compacted position) + num_skipped_bytes() — the value the |
151 | | // previous memmove-based code recorded here. |
152 | 2.86k | insert_skipped_byte(r); |
153 | 2.86k | zeros = 0; |
154 | 2.86k | continue; |
155 | 2.86k | } |
156 | | |
157 | 631k | d[w++] = b; |
158 | 631k | zeros = (b == 0) ? zeros + 1 : 0; |
159 | 631k | } |
160 | | |
161 | 56.6k | set_size(w); |
162 | 56.6k | } |
163 | | |
164 | | |
165 | | |
166 | | |
167 | | |
168 | 941 | NAL_Parser::NAL_Parser() = default; |
169 | | |
170 | | |
171 | | NAL_Parser::~NAL_Parser() |
172 | 941 | { |
173 | | // --- free NAL queues --- |
174 | | |
175 | | // empty NAL queue |
176 | | |
177 | 941 | NAL_unit* nal; |
178 | 54.6k | while ( (nal = pop_from_NAL_queue()) ) { |
179 | 53.6k | free_NAL_unit(nal); |
180 | 53.6k | } |
181 | | |
182 | | // free the pending input NAL |
183 | | |
184 | 941 | if (pending_input_NAL != nullptr) { |
185 | 0 | free_NAL_unit(pending_input_NAL); |
186 | 0 | } |
187 | | |
188 | | // free all NALs in free-list |
189 | | |
190 | 3.99k | for (size_t i=0;i<NAL_free_list.size();i++) { |
191 | 3.05k | delete NAL_free_list[i]; |
192 | 3.05k | } |
193 | 941 | } |
194 | | |
195 | | |
196 | | LIBDE265_CHECK_RESULT NAL_unit* NAL_Parser::alloc_NAL_unit(int size) |
197 | 56.6k | { |
198 | 56.6k | NAL_unit* nal; |
199 | | |
200 | | // --- get NAL-unit object --- |
201 | | |
202 | 56.6k | if (NAL_free_list.size() > 0) { |
203 | 0 | nal = NAL_free_list.back(); |
204 | 0 | NAL_free_list.pop_back(); |
205 | 0 | } |
206 | 56.6k | else { |
207 | 56.6k | nal = new NAL_unit; |
208 | 56.6k | } |
209 | | |
210 | 56.6k | nal->clear(); |
211 | 56.6k | if (!nal->resize(size)) { |
212 | 0 | free_NAL_unit(nal); |
213 | 0 | return nullptr; |
214 | 0 | } |
215 | | |
216 | 56.6k | return nal; |
217 | 56.6k | } |
218 | | |
219 | | void NAL_Parser::free_NAL_unit(NAL_unit* nal) |
220 | 56.6k | { |
221 | 56.6k | if (nal == nullptr) { |
222 | | // Allow calling with nullptr just like regular "free()" |
223 | 0 | return; |
224 | 0 | } |
225 | 56.6k | if (NAL_free_list.size() < DE265_NAL_FREE_LIST_SIZE) { |
226 | 3.05k | NAL_free_list.push_back(nal); |
227 | 3.05k | } |
228 | 53.6k | else { |
229 | 53.6k | delete nal; |
230 | 53.6k | } |
231 | 56.6k | } |
232 | | |
233 | | NAL_unit* NAL_Parser::pop_from_NAL_queue() |
234 | 57.6k | { |
235 | 57.6k | if (NAL_queue.empty()) { |
236 | 941 | return nullptr; |
237 | 941 | } |
238 | 56.6k | else { |
239 | 56.6k | NAL_unit* nal = NAL_queue.front(); |
240 | 56.6k | NAL_queue.pop(); |
241 | | |
242 | 56.6k | nBytes_in_NAL_queue -= nal->size(); |
243 | | |
244 | 56.6k | return nal; |
245 | 56.6k | } |
246 | 57.6k | } |
247 | | |
248 | | void NAL_Parser::push_to_NAL_queue(NAL_unit* nal) |
249 | 56.6k | { |
250 | 56.6k | NAL_queue.push(nal); |
251 | 56.6k | nBytes_in_NAL_queue += nal->size(); |
252 | 56.6k | } |
253 | | |
254 | | de265_error NAL_Parser::push_data(const unsigned char* data, int len, |
255 | | de265_PTS pts, void* user_data) |
256 | 0 | { |
257 | 0 | end_of_frame = false; |
258 | |
|
259 | 0 | if (pending_input_NAL == nullptr) { |
260 | 0 | pending_input_NAL = alloc_NAL_unit(len+3); |
261 | 0 | if (pending_input_NAL == nullptr) { |
262 | 0 | return DE265_ERROR_OUT_OF_MEMORY; |
263 | 0 | } |
264 | 0 | pending_input_NAL->pts = pts; |
265 | 0 | pending_input_NAL->user_data = user_data; |
266 | 0 | } |
267 | | |
268 | 0 | NAL_unit* nal = pending_input_NAL; // shortcut |
269 | | |
270 | | // Resize output buffer so that complete input would fit. |
271 | | // We add 3, because in the worst case 3 extra bytes are created for an input byte. |
272 | 0 | if (!nal->resize(nal->size() + len + 3)) { |
273 | 0 | return DE265_ERROR_OUT_OF_MEMORY; |
274 | 0 | } |
275 | | |
276 | 0 | unsigned char* out = nal->data() + nal->size(); |
277 | |
|
278 | 0 | for (int i=0;i<len;i++) { |
279 | | /* |
280 | | printf("state=%d input=%02x (%p) (output size: %d)\n",ctx->input_push_state, *data, data, |
281 | | out - ctx->nal_data.data); |
282 | | */ |
283 | |
|
284 | 0 | switch (input_push_state) { |
285 | 0 | case 0: |
286 | 0 | case 1: |
287 | 0 | if (*data == 0) { input_push_state++; } |
288 | 0 | else { input_push_state=0; } |
289 | 0 | break; |
290 | 0 | case 2: |
291 | 0 | if (*data == 1) { input_push_state=3; } // nal->clear_skipped_bytes(); } |
292 | 0 | else if (*data == 0) { } // *out++ = 0; } |
293 | 0 | else { input_push_state=0; } |
294 | 0 | break; |
295 | 0 | case 3: |
296 | 0 | *out++ = *data; |
297 | 0 | input_push_state = 4; |
298 | 0 | break; |
299 | 0 | case 4: |
300 | 0 | *out++ = *data; |
301 | 0 | input_push_state = 5; |
302 | 0 | break; |
303 | | |
304 | 0 | case 5: |
305 | 0 | if (*data==0) { input_push_state=6; } |
306 | 0 | else { *out++ = *data; } |
307 | 0 | break; |
308 | | |
309 | 0 | case 6: |
310 | 0 | if (*data==0) { input_push_state=7; } |
311 | 0 | else { |
312 | 0 | *out++ = 0; |
313 | 0 | *out++ = *data; |
314 | 0 | input_push_state=5; |
315 | 0 | } |
316 | 0 | break; |
317 | | |
318 | 0 | case 7: |
319 | 0 | if (*data==0) { *out++ = 0; } |
320 | 0 | else if (*data==3) { |
321 | 0 | *out++ = 0; *out++ = 0; input_push_state=5; |
322 | | |
323 | | // remember which byte we removed |
324 | 0 | nal->insert_skipped_byte((out - nal->data()) + nal->num_skipped_bytes()); |
325 | 0 | } |
326 | 0 | else if (*data==1) { |
327 | |
|
328 | | #if DEBUG_INSERT_STREAM_ERRORS |
329 | | if ((rand()%100)<90 && nal_data.size>0) { |
330 | | int pos = rand()%nal_data.size; |
331 | | int bit = rand()%8; |
332 | | nal->nal_data.data[pos] ^= 1<<bit; |
333 | | |
334 | | //printf("inserted error...\n"); |
335 | | } |
336 | | #endif |
337 | | |
338 | | // enforce the maximum NAL size: drop an oversized NAL and resync |
339 | 0 | if (!nal_size_within_limit(out - nal->data())) { |
340 | 0 | free_NAL_unit(pending_input_NAL); |
341 | 0 | pending_input_NAL = nullptr; |
342 | 0 | input_push_state = 0; |
343 | 0 | return DE265_ERROR_NAL_SIZE_EXCEEDS_SECURITY_LIMIT; |
344 | 0 | } |
345 | | |
346 | 0 | nal->set_size(out - nal->data());; |
347 | | |
348 | | // push this NAL decoder queue |
349 | 0 | push_to_NAL_queue(nal); |
350 | | |
351 | | |
352 | | // initialize new, empty NAL unit |
353 | |
|
354 | 0 | pending_input_NAL = alloc_NAL_unit(len+3); |
355 | 0 | if (pending_input_NAL == nullptr) { |
356 | 0 | return DE265_ERROR_OUT_OF_MEMORY; |
357 | 0 | } |
358 | 0 | pending_input_NAL->pts = pts; |
359 | 0 | pending_input_NAL->user_data = user_data; |
360 | 0 | nal = pending_input_NAL; |
361 | 0 | out = nal->data(); |
362 | |
|
363 | 0 | input_push_state=3; |
364 | | //nal->clear_skipped_bytes(); |
365 | 0 | } |
366 | 0 | else { |
367 | 0 | *out++ = 0; |
368 | 0 | *out++ = 0; |
369 | 0 | *out++ = *data; |
370 | |
|
371 | 0 | input_push_state=5; |
372 | 0 | } |
373 | 0 | break; |
374 | 0 | } |
375 | | |
376 | 0 | data++; |
377 | 0 | } |
378 | | |
379 | 0 | nal->set_size(out - nal->data()); |
380 | | |
381 | | // Enforce the maximum NAL size on the still-incomplete pending NAL. This bounds |
382 | | // memory when a single NAL grows across many push_data() calls without ever |
383 | | // reaching a start code. The oversized pending NAL is dropped and the parser |
384 | | // resyncs at the next start code. |
385 | 0 | if (!nal_size_within_limit(nal->size())) { |
386 | 0 | free_NAL_unit(pending_input_NAL); |
387 | 0 | pending_input_NAL = nullptr; |
388 | 0 | input_push_state = 0; |
389 | 0 | return DE265_ERROR_NAL_SIZE_EXCEEDS_SECURITY_LIMIT; |
390 | 0 | } |
391 | | |
392 | 0 | return DE265_OK; |
393 | 0 | } |
394 | | |
395 | | |
396 | | de265_error NAL_Parser::push_NAL(const unsigned char* data, int len, |
397 | | de265_PTS pts, void* user_data) |
398 | 56.6k | { |
399 | | |
400 | | // Cannot use byte-stream input and NAL input at the same time. |
401 | 56.6k | assert(pending_input_NAL == nullptr); |
402 | | |
403 | 56.6k | end_of_frame = false; |
404 | | |
405 | | // enforce the maximum NAL size to bound memory usage |
406 | 56.6k | if (!nal_size_within_limit(len)) { |
407 | 0 | return DE265_ERROR_NAL_SIZE_EXCEEDS_SECURITY_LIMIT; |
408 | 0 | } |
409 | | |
410 | 56.6k | NAL_unit* nal = alloc_NAL_unit(len); |
411 | 56.6k | if (nal == nullptr || !nal->set_data(data, len)) { |
412 | 0 | free_NAL_unit(nal); |
413 | 0 | return DE265_ERROR_OUT_OF_MEMORY; |
414 | 0 | } |
415 | 56.6k | nal->pts = pts; |
416 | 56.6k | nal->user_data = user_data; |
417 | | |
418 | 56.6k | nal->remove_stuffing_bytes(); |
419 | | |
420 | 56.6k | push_to_NAL_queue(nal); |
421 | | |
422 | 56.6k | return DE265_OK; |
423 | 56.6k | } |
424 | | |
425 | | |
426 | | de265_error NAL_Parser::flush_data() |
427 | 1.13k | { |
428 | 1.13k | if (pending_input_NAL) { |
429 | 0 | NAL_unit* nal = pending_input_NAL; |
430 | 0 | uint8_t null[2] = { 0,0 }; |
431 | | |
432 | | // append bytes that are implied by the push state |
433 | |
|
434 | 0 | if (input_push_state==6) { |
435 | 0 | if (!nal->append(null,1)) { |
436 | 0 | return DE265_ERROR_OUT_OF_MEMORY; |
437 | 0 | } |
438 | 0 | } |
439 | 0 | if (input_push_state==7) { |
440 | 0 | if (!nal->append(null,2)) { |
441 | 0 | return DE265_ERROR_OUT_OF_MEMORY; |
442 | 0 | } |
443 | 0 | } |
444 | | |
445 | | |
446 | | // only push the NAL if it contains at least the NAL header |
447 | | |
448 | 0 | if (input_push_state>=5) { |
449 | 0 | push_to_NAL_queue(nal); |
450 | 0 | pending_input_NAL = nullptr; |
451 | 0 | } |
452 | |
|
453 | 0 | input_push_state = 0; |
454 | 0 | } |
455 | | |
456 | 1.13k | return DE265_OK; |
457 | 1.13k | } |
458 | | |
459 | | |
460 | | void NAL_Parser::remove_pending_input_data() |
461 | 0 | { |
462 | | // --- remove pending input data --- |
463 | |
|
464 | 0 | if (pending_input_NAL) { |
465 | 0 | free_NAL_unit(pending_input_NAL); |
466 | 0 | pending_input_NAL = nullptr; |
467 | 0 | } |
468 | |
|
469 | 0 | for (;;) { |
470 | 0 | NAL_unit* nal = pop_from_NAL_queue(); |
471 | 0 | if (nal) { free_NAL_unit(nal); } |
472 | 0 | else break; |
473 | 0 | } |
474 | |
|
475 | 0 | input_push_state = 0; |
476 | 0 | nBytes_in_NAL_queue = 0; |
477 | 0 | } |