Re: [FFmpeg-devel] [PATCH] avcodec/dovi_rpudec: replace brittle struct copying code - Cosmin Stejerean via ffmpeg-devel

From: Cosmin Stejerean via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: "FFmpeg development discussions and patches" <ffmpeg-devel@ffmpeg.org>
Cc: "Cosmin Stejerean" <cosmin@cosmin.at>
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/dovi_rpudec: replace brittle struct copying code
Date: Wed, 5 Jun 2024 21:24:05 +0000
Message-ID: <0101018fea49a470-6efdf1d2-421f-4ece-bcf0-9bdb148a93e7-000000@us-west-2.amazonses.com> (raw)
In-Reply-To: <20240605142354.GB72613@haasn.xyz>

> On Jun 5, 2024, at 5:23 AM, Niklas Haas <ffmpeg@haasn.xyz> wrote:
> 
> On Wed, 05 Jun 2024 12:07:08 +0200 Andreas Rheinhardt <andreas.rheinhardt@outlook.com> wrote:
>> Niklas Haas:
>>> From: Niklas Haas <git@haasn.dev>
>>> 
>>> This code was unnecessarily trying to be robust against downgrades of
>>> libavutil (relative to the version libavcodec was compiled against), but
>>> in the process, ended up with very brittle code that is easy to
>>> accidentally forget to update when adding new fields.
>>> 
>>> Instead, do the obvious thing and just directly copy the parts of the
>>> struct known at compile time. Since it is not generally supported to
>>> link against a version of libavutil older than the version libavcodec
>>> was compiled against, the struct shrinking externally is not a case we
>>> need to be worrying about.
>> 
>> The exact opposite is true: The code is trying to be robust against
>> upgrades of libavutil. The reason for this is potential trailing padding
>> in the structures that are copied here. It may be used for actual stuff
>> in a future libavutil and the approach you use here allows the compiler
>> to clobber it.
>> 
>> (How would this code be robust against downgrades of libavutil at all?
>> There is no check here that sizeof of the side data is big enough to
>> contain everything we expect it to contain.)
> 
> I should clearly not write code immediately after waking up.
> 
> Yes, true, the only thing this logic is trying to accomplish is being
> robust against the struct gaining extra padding in the future.
> 
> That said, I still think the code as written is brittle and I'm not sure
> it's providing anything useful. What is the likelihood of this struct
> being extended in a way that does not affect the encoder, vs. the
> likelihood of this struct being extended but somebody forgetting to bump
> the equivalent "last field" entry in this file?
> 
> Anecdotally, the latter has already happened once.

+1, having already tripped on this on my patch to add ext_mapping_idc* fields I can confirm that it's easy to trip on this, easy to miss unless you carefully inspect the RPU afterwards,  and then hard to spot where the problem is without having to trace through the code and catch this copy. 

The new approach seems much better in practice.

- Cosmin
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".