Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
* [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code
@ 2023-10-22 18:35 Mark Thompson
  2023-10-25 20:55 ` Michael Niedermayer
  2023-12-25 23:50 ` Michael Niedermayer
  0 siblings, 2 replies; 5+ messages in thread
From: Mark Thompson @ 2023-10-22 18:35 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

The spec allows at least thirty-two zero bits followed by a one to mean
2^32-1, with no constraint on the number of zeroes.  The libaom
reference decoder does not match this, instead reading thirty-two zeroes
but not the following one to mean 2^32-1.  These two interpretations are
incompatible and other implementations may follow one or the other.
Therefore reject thirty-two zeroes because the intended behaviour is not
clear.
---
libaom, dav1d and SVT-AV1 all have the same nonstandard behaviour of stopping at thirty-two zeroes and not reading the one.  gav1 just rejects thirty-two zeroes.

This is also a source of arbitrarily large single syntax elements to hit <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2023-October/315973.html>.

  libavcodec/cbs_av1.c | 18 +++++++++++++-----
  1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
index 1d9ac5ab44..13c749a25b 100644
--- a/libavcodec/cbs_av1.c
+++ b/libavcodec/cbs_av1.c
@@ -36,7 +36,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
      CBS_TRACE_READ_START();

      zeroes = 0;
-    while (1) {
+    while (zeroes < 32) {
          if (get_bits_left(gbc) < 1) {
              av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
                     "%s: bitstream ended.\n", name);
@@ -49,10 +49,18 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
      }

      if (zeroes >= 32) {
-        // Note that the spec allows an arbitrarily large number of
-        // zero bits followed by a one bit in this case, but the
-        // libaom implementation does not support it.
-        value = MAX_UINT_BITS(32);
+        // The spec allows at least thirty-two zero bits followed by a
+        // one to mean 2^32-1, with no constraint on the number of
+        // zeroes.  The libaom reference decoder does not match this,
+        // instead reading thirty-two zeroes but not the following one
+        // to mean 2^32-1.  These two interpretations are incompatible
+        // and other implementations may follow one or the other.
+        // Therefore we reject thirty-two zeroes because the intended
+        // behaviour is not clear.
+        av_log(ctx->log_ctx, AV_LOG_ERROR, "Thirty-two zero bits in "
+               "%s uvlc code: considered invalid due to conflicting "
+               "standard and reference decoder behaviour.\n", name);
+        return AVERROR_INVALIDDATA;
      } else {
          if (get_bits_left(gbc) < zeroes) {
              av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
-- 
2.39.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code
  2023-10-22 18:35 [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code Mark Thompson
@ 2023-10-25 20:55 ` Michael Niedermayer
  2023-11-27 13:08   ` Mark Thompson
  2023-12-25 23:50 ` Michael Niedermayer
  1 sibling, 1 reply; 5+ messages in thread
From: Michael Niedermayer @ 2023-10-25 20:55 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


[-- Attachment #1.1: Type: text/plain, Size: 1135 bytes --]

On Sun, Oct 22, 2023 at 07:35:52PM +0100, Mark Thompson wrote:
> The spec allows at least thirty-two zero bits followed by a one to mean
> 2^32-1, with no constraint on the number of zeroes.  The libaom
> reference decoder does not match this, instead reading thirty-two zeroes
> but not the following one to mean 2^32-1.  These two interpretations are
> incompatible and other implementations may follow one or the other.
> Therefore reject thirty-two zeroes because the intended behaviour is not
> clear.
> ---
> libaom, dav1d and SVT-AV1 all have the same nonstandard behaviour of stopping at thirty-two zeroes and not reading the one.  gav1 just rejects thirty-two zeroes.

I would suggest to contact the authors of the spec to bring this discrepancy
to their attention, unless this is already known and
unless this sequence is declared invalid by some other part of the spec
(which would make the discrepancy only occur in invalid sequences)

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are best at talking, realize last or never when they are wrong.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code
  2023-10-25 20:55 ` Michael Niedermayer
@ 2023-11-27 13:08   ` Mark Thompson
  0 siblings, 0 replies; 5+ messages in thread
From: Mark Thompson @ 2023-11-27 13:08 UTC (permalink / raw)
  To: ffmpeg-devel

On 25/10/2023 21:55, Michael Niedermayer wrote:
> On Sun, Oct 22, 2023 at 07:35:52PM +0100, Mark Thompson wrote:
>> The spec allows at least thirty-two zero bits followed by a one to mean
>> 2^32-1, with no constraint on the number of zeroes.  The libaom
>> reference decoder does not match this, instead reading thirty-two zeroes
>> but not the following one to mean 2^32-1.  These two interpretations are
>> incompatible and other implementations may follow one or the other.
>> Therefore reject thirty-two zeroes because the intended behaviour is not
>> clear.
>> ---
>> libaom, dav1d and SVT-AV1 all have the same nonstandard behaviour of stopping at thirty-two zeroes and not reading the one.  gav1 just rejects thirty-two zeroes.
> 
> I would suggest to contact the authors of the spec to bring this discrepancy
> to their attention, unless this is already known and
> unless this sequence is declared invalid by some other part of the spec
> (which would make the discrepancy only occur in invalid sequences)
<https://github.com/AOMediaCodec/av1-spec/pull/343>

Since this only occurs in nonconforming streams, fixing the spec seems like the better option.

Thanks,

- Mark
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code
  2023-10-22 18:35 [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code Mark Thompson
  2023-10-25 20:55 ` Michael Niedermayer
@ 2023-12-25 23:50 ` Michael Niedermayer
  2024-07-21 12:34   ` Michael Niedermayer
  1 sibling, 1 reply; 5+ messages in thread
From: Michael Niedermayer @ 2023-12-25 23:50 UTC (permalink / raw)
  To: FFmpeg development discussions and patches; +Cc: Mark Thompson


[-- Attachment #1.1: Type: text/plain, Size: 1571 bytes --]

Hi

On Sun, Oct 22, 2023 at 07:35:52PM +0100, Mark Thompson wrote:
> The spec allows at least thirty-two zero bits followed by a one to mean
> 2^32-1, with no constraint on the number of zeroes.  The libaom
> reference decoder does not match this, instead reading thirty-two zeroes
> but not the following one to mean 2^32-1.  These two interpretations are
> incompatible and other implementations may follow one or the other.
> Therefore reject thirty-two zeroes because the intended behaviour is not
> clear.
> ---
> libaom, dav1d and SVT-AV1 all have the same nonstandard behaviour of stopping at thirty-two zeroes and not reading the one.  gav1 just rejects thirty-two zeroes.
> 
> This is also a source of arbitrarily large single syntax elements to hit <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2023-October/315973.html>.
> 
>  libavcodec/cbs_av1.c | 18 +++++++++++++-----
>  1 file changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> index 1d9ac5ab44..13c749a25b 100644
> --- a/libavcodec/cbs_av1.c
> +++ b/libavcodec/cbs_av1.c
> @@ -36,7 +36,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
>      CBS_TRACE_READ_START();
> 
>      zeroes = 0;
> -    while (1) {
> +    while (zeroes < 32) {

what happened with this patch ?
the git master code still aborts

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code
  2023-12-25 23:50 ` Michael Niedermayer
@ 2024-07-21 12:34   ` Michael Niedermayer
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Niedermayer @ 2024-07-21 12:34 UTC (permalink / raw)
  To: FFmpeg development discussions and patches; +Cc: Mark Thompson


[-- Attachment #1.1: Type: text/plain, Size: 1811 bytes --]

On Tue, Dec 26, 2023 at 12:50:42AM +0100, Michael Niedermayer wrote:
> Hi
> 
> On Sun, Oct 22, 2023 at 07:35:52PM +0100, Mark Thompson wrote:
> > The spec allows at least thirty-two zero bits followed by a one to mean
> > 2^32-1, with no constraint on the number of zeroes.  The libaom
> > reference decoder does not match this, instead reading thirty-two zeroes
> > but not the following one to mean 2^32-1.  These two interpretations are
> > incompatible and other implementations may follow one or the other.
> > Therefore reject thirty-two zeroes because the intended behaviour is not
> > clear.
> > ---
> > libaom, dav1d and SVT-AV1 all have the same nonstandard behaviour of stopping at thirty-two zeroes and not reading the one.  gav1 just rejects thirty-two zeroes.
> > 
> > This is also a source of arbitrarily large single syntax elements to hit <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2023-October/315973.html>.
> > 
> >  libavcodec/cbs_av1.c | 18 +++++++++++++-----
> >  1 file changed, 13 insertions(+), 5 deletions(-)
> > 
> > diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
> > index 1d9ac5ab44..13c749a25b 100644
> > --- a/libavcodec/cbs_av1.c
> > +++ b/libavcodec/cbs_av1.c
> > @@ -36,7 +36,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
> >      CBS_TRACE_READ_START();
> > 
> >      zeroes = 0;
> > -    while (1) {
> > +    while (zeroes < 32) {
> 
> what happened with this patch ?
> the git master code still aborts

timeout (many times in fact)

will apply

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship naturally arises out of democracy, and the most aggravated
form of tyranny and slavery out of the most extreme liberty. -- Plato

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-07-21 12:34 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-22 18:35 [FFmpeg-devel] [PATCH] cbs_av1: Reject thirty-two zero bits in uvlc code Mark Thompson
2023-10-25 20:55 ` Michael Niedermayer
2023-11-27 13:08   ` Mark Thompson
2023-12-25 23:50 ` Michael Niedermayer
2024-07-21 12:34   ` Michael Niedermayer

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git