* [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss @ 2024-01-30 9:40 post 2024-01-30 12:28 ` James Almer 2024-01-30 12:31 ` Nuo Mi 0 siblings, 2 replies; 7+ messages in thread From: post @ 2024-01-30 9:40 UTC (permalink / raw) To: ffmpeg-devel; +Cc: Frank Plowman From: Frank Plowman <post@frankplowman.com> Check that vps_each_layer_is_an_ols_flag, which indicates that "at least one OLS specified by the VPS contains more than one layer," is set if num_multi_layer_olss is non-zero. Fixes: 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Frank Plowman <post@frankplowman.com> --- libavcodec/cbs_h266_syntax_template.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c index 2f3478e5e1..37dc3acba0 100644 --- a/libavcodec/cbs_h266_syntax_template.c +++ b/libavcodec/cbs_h266_syntax_template.c @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, RWContext *rw, num_multi_layer_olss++; } } + if (!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0) + return AVERROR_INVALIDDATA; } for (i = 0; i <= current->vps_num_ptls_minus1; i++) { -- 2.43.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss 2024-01-30 9:40 [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss post @ 2024-01-30 12:28 ` James Almer 2024-01-30 12:31 ` Nuo Mi 1 sibling, 0 replies; 7+ messages in thread From: James Almer @ 2024-01-30 12:28 UTC (permalink / raw) To: ffmpeg-devel On 1/30/2024 6:40 AM, post@frankplowman.com wrote: > From: Frank Plowman <post@frankplowman.com> > > Check that vps_each_layer_is_an_ols_flag, which indicates that "at > least one OLS specified by the VPS contains more than one layer," is > set if num_multi_layer_olss is non-zero. > > Fixes: 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Frank Plowman <post@frankplowman.com> > --- > libavcodec/cbs_h266_syntax_template.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c > index 2f3478e5e1..37dc3acba0 100644 > --- a/libavcodec/cbs_h266_syntax_template.c > +++ b/libavcodec/cbs_h266_syntax_template.c > @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, RWContext *rw, > num_multi_layer_olss++; > } > } > + if (!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0) > + return AVERROR_INVALIDDATA; > } > > for (i = 0; i <= current->vps_num_ptls_minus1; i++) { Applied, thanks. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss 2024-01-30 9:40 [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss post 2024-01-30 12:28 ` James Almer @ 2024-01-30 12:31 ` Nuo Mi 2024-01-30 12:55 ` Frank Plowman 1 sibling, 1 reply; 7+ messages in thread From: Nuo Mi @ 2024-01-30 12:31 UTC (permalink / raw) To: FFmpeg development discussions and patches; +Cc: Frank Plowman On Tue, Jan 30, 2024 at 5:41 PM <post@frankplowman.com> wrote: > From: Frank Plowman <post@frankplowman.com> > > Check that vps_each_layer_is_an_ols_flag, which indicates that "at > least one OLS specified by the VPS contains more than one layer," is > set if num_multi_layer_olss is non-zero. > > Fixes: > 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > Frank Plowman <post@frankplowman.com> > --- > libavcodec/cbs_h266_syntax_template.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavcodec/cbs_h266_syntax_template.c > b/libavcodec/cbs_h266_syntax_template.c > index 2f3478e5e1..37dc3acba0 100644 > --- a/libavcodec/cbs_h266_syntax_template.c > +++ b/libavcodec/cbs_h266_syntax_template.c > @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, > RWContext *rw, > num_multi_layer_olss++; > } > } > + if (!current->vps_each_layer_is_an_ols_flag && > num_multi_layer_olss == 0) > + return AVERROR_INVALIDDATA; > } > > The specification does not provide information on how to obtain TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3. Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, total_num_olss - 1)" is undefined. We'd better return a patch welcome error instead of printing a warning before vps_num_ptls_minus1 line for (i = 0; i <= current->vps_num_ptls_minus1; i++) { > -- > 2.43.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss 2024-01-30 12:31 ` Nuo Mi @ 2024-01-30 12:55 ` Frank Plowman 2024-01-30 13:13 ` Frank Plowman 2024-01-30 13:16 ` Nuo Mi 0 siblings, 2 replies; 7+ messages in thread From: Frank Plowman @ 2024-01-30 12:55 UTC (permalink / raw) To: ffmpeg-devel On 30/01/2024 12:31, Nuo Mi wrote: > On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote: >> From: Frank Plowman<post@frankplowman.com> >> >> Check that vps_each_layer_is_an_ols_flag, which indicates that "at >> least one OLS specified by the VPS contains more than one layer," is >> set if num_multi_layer_olss is non-zero. >> >> Fixes: >> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 >> >> Found-by: continuous fuzzing process >> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> Signed-off-by >> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: >> Frank Plowman<post@frankplowman.com> >> --- >> libavcodec/cbs_h266_syntax_template.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/libavcodec/cbs_h266_syntax_template.c >> b/libavcodec/cbs_h266_syntax_template.c >> index 2f3478e5e1..37dc3acba0 100644 >> --- a/libavcodec/cbs_h266_syntax_template.c >> +++ b/libavcodec/cbs_h266_syntax_template.c >> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, >> RWContext *rw, >> num_multi_layer_olss++; >> } >> } >> + if (!current->vps_each_layer_is_an_ols_flag && >> num_multi_layer_olss == 0) >> + return AVERROR_INVALIDDATA; >> } > The specification does not provide information on how to obtain > TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3. > Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, total_num_olss - > 1)" is undefined. > We'd better return a patch welcome error instead of printing a warning > before vps_num_ptls_minus1 line This is the same behaviour James suggested in an earlier patch. The spec says "decoders conforming to this version of this Specification shall ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this should be an error as the spec is unambiguous here. Perhaps we can instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is there some better way to ignore these OLSs? _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss 2024-01-30 12:55 ` Frank Plowman @ 2024-01-30 13:13 ` Frank Plowman 2024-01-30 13:25 ` Nuo Mi 2024-01-30 13:16 ` Nuo Mi 1 sibling, 1 reply; 7+ messages in thread From: Frank Plowman @ 2024-01-30 13:13 UTC (permalink / raw) To: ffmpeg-devel On 30/01/2024 12:55, Frank Plowman wrote: > On 30/01/2024 12:31, Nuo Mi wrote: > >> On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote: >>> From: Frank Plowman<post@frankplowman.com> >>> >>> Check that vps_each_layer_is_an_ols_flag, which indicates that "at >>> least one OLS specified by the VPS contains more than one layer," is >>> set if num_multi_layer_olss is non-zero. >>> >>> Fixes: >>> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 >>> >>> Found-by: continuous fuzzing process >>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >>> Signed-off-by >>> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: >>> Frank Plowman<post@frankplowman.com> >>> --- >>> libavcodec/cbs_h266_syntax_template.c | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/libavcodec/cbs_h266_syntax_template.c >>> b/libavcodec/cbs_h266_syntax_template.c >>> index 2f3478e5e1..37dc3acba0 100644 >>> --- a/libavcodec/cbs_h266_syntax_template.c >>> +++ b/libavcodec/cbs_h266_syntax_template.c >>> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, >>> RWContext *rw, >>> num_multi_layer_olss++; >>> } >>> } >>> + if (!current->vps_each_layer_is_an_ols_flag && >>> num_multi_layer_olss == 0) >>> + return AVERROR_INVALIDDATA; >>> } >> The specification does not provide information on how to obtain >> TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3. >> Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, >> total_num_olss - >> 1)" is undefined. >> We'd better return a patch welcome error instead of printing a warning >> before vps_num_ptls_minus1 line > > This is the same behaviour James suggested in an earlier patch. The spec > says "decoders conforming to this version of this Specification shall > ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this > should be an error as the spec is unambiguous here. Perhaps we can > instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is > there some better way to ignore these OLSs? For reference, VTM's behaviour is the same as the current behaviour: TotalNumOlss is assumed to be 0 when ols_mode_idc, hence most of the remaining syntax elements in the VPS are not read as they are within for (i = 0; i < total_num_olss; i++) loops or other loops with bounds derived from total_num_olss. On the other hand, VVdeC's behaviour is the same as you suggest: it throws an error if total_num_olss is 3. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss 2024-01-30 13:13 ` Frank Plowman @ 2024-01-30 13:25 ` Nuo Mi 0 siblings, 0 replies; 7+ messages in thread From: Nuo Mi @ 2024-01-30 13:25 UTC (permalink / raw) To: FFmpeg development discussions and patches On Tue, Jan 30, 2024 at 9:13 PM Frank Plowman <post@frankplowman.com> wrote: > On 30/01/2024 12:55, Frank Plowman wrote: > > On 30/01/2024 12:31, Nuo Mi wrote: > > > >> On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote: > >>> From: Frank Plowman<post@frankplowman.com> > >>> > >>> Check that vps_each_layer_is_an_ols_flag, which indicates that "at > >>> least one OLS specified by the VPS contains more than one layer," is > >>> set if num_multi_layer_olss is non-zero. > >>> > >>> Fixes: > >>> > 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 > >>> > >>> Found-by: continuous fuzzing process > >>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > >>> Signed-off-by > >>> < > https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by > >: > >>> Frank Plowman<post@frankplowman.com> > >>> --- > >>> libavcodec/cbs_h266_syntax_template.c | 2 ++ > >>> 1 file changed, 2 insertions(+) > >>> > >>> diff --git a/libavcodec/cbs_h266_syntax_template.c > >>> b/libavcodec/cbs_h266_syntax_template.c > >>> index 2f3478e5e1..37dc3acba0 100644 > >>> --- a/libavcodec/cbs_h266_syntax_template.c > >>> +++ b/libavcodec/cbs_h266_syntax_template.c > >>> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, > >>> RWContext *rw, > >>> num_multi_layer_olss++; > >>> } > >>> } > >>> + if (!current->vps_each_layer_is_an_ols_flag && > >>> num_multi_layer_olss == 0) > >>> + return AVERROR_INVALIDDATA; > >>> } > >> The specification does not provide information on how to obtain > >> TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3. > >> Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, > >> total_num_olss - > >> 1)" is undefined. > >> We'd better return a patch welcome error instead of printing a warning > >> before vps_num_ptls_minus1 line > > > > This is the same behaviour James suggested in an earlier patch. The spec > > says "decoders conforming to this version of this Specification shall > > ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this > > should be an error as the spec is unambiguous here. Perhaps we can > > instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is > > there some better way to ignore these OLSs? > > For reference, VTM's behaviour is the same as the current behaviour: > TotalNumOlss is assumed to be 0 when ols_mode_idc, hence most of the > remaining syntax elements in the VPS are not read as they are within > But once you read the vps_num_ptls_minus1, your behaviors are undefined. because you do not know vps_num_ptls_minus1 should be less than TotalNumOlss. and TotalNumOlss is undefined for ols_mode_idc == 3. :) > > for (i = 0; i < total_num_olss; i++) > > loops or other loops with bounds derived from total_num_olss. On the > other hand, VVdeC's behaviour is the same as you suggest: it throws an > error if total_num_olss is 3. > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss 2024-01-30 12:55 ` Frank Plowman 2024-01-30 13:13 ` Frank Plowman @ 2024-01-30 13:16 ` Nuo Mi 1 sibling, 0 replies; 7+ messages in thread From: Nuo Mi @ 2024-01-30 13:16 UTC (permalink / raw) To: FFmpeg development discussions and patches On Tue, Jan 30, 2024 at 8:56 PM Frank Plowman <post@frankplowman.com> wrote: > On 30/01/2024 12:31, Nuo Mi wrote: > > > On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote: > >> From: Frank Plowman<post@frankplowman.com> > >> > >> Check that vps_each_layer_is_an_ols_flag, which indicates that "at > >> least one OLS specified by the VPS contains more than one layer," is > >> set if num_multi_layer_olss is non-zero. > >> > >> Fixes: > >> > 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 > >> > >> Found-by: continuous fuzzing process > >> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > >> Signed-off-by > >> < > https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by > >: > >> Frank Plowman<post@frankplowman.com> > >> --- > >> libavcodec/cbs_h266_syntax_template.c | 2 ++ > >> 1 file changed, 2 insertions(+) > >> > >> diff --git a/libavcodec/cbs_h266_syntax_template.c > >> b/libavcodec/cbs_h266_syntax_template.c > >> index 2f3478e5e1..37dc3acba0 100644 > >> --- a/libavcodec/cbs_h266_syntax_template.c > >> +++ b/libavcodec/cbs_h266_syntax_template.c > >> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, > >> RWContext *rw, > >> num_multi_layer_olss++; > >> } > >> } > >> + if (!current->vps_each_layer_is_an_ols_flag && > >> num_multi_layer_olss == 0) > >> + return AVERROR_INVALIDDATA; > >> } > > The specification does not provide information on how to obtain > > TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3. > > Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, total_num_olss > - > > 1)" is undefined. > > We'd better return a patch welcome error instead of printing a warning > > before vps_num_ptls_minus1 line > > This is the same behaviour James suggested in an earlier patch. The spec > says "decoders conforming to this version of this Specification shall > ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this > should be an error as the spec is unambiguous here. Perhaps we can > instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is > there some better way to ignore these OLSs? > Even the specification editor is uncertain about what will be included in the future. Perhaps logic later than the point needs a total rewrite. It's not an error in terms of invalid data; we simply do not know how to handle it and are asking others to provide the patch. _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-01-30 13:25 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2024-01-30 9:40 [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss post 2024-01-30 12:28 ` James Almer 2024-01-30 12:31 ` Nuo Mi 2024-01-30 12:55 ` Frank Plowman 2024-01-30 13:13 ` Frank Plowman 2024-01-30 13:25 ` Nuo Mi 2024-01-30 13:16 ` Nuo Mi
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel This inbox may be cloned and mirrored by anyone: git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \ ffmpegdev@gitmailbox.com public-inbox-index ffmpegdev Example config snippet for mirrors. AGPL code for this site: git clone https://public-inbox.org/public-inbox.git