* [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
@ 2024-01-30 9:40 post
2024-01-30 12:28 ` James Almer
2024-01-30 12:31 ` Nuo Mi
0 siblings, 2 replies; 7+ messages in thread
From: post @ 2024-01-30 9:40 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Frank Plowman
From: Frank Plowman <post@frankplowman.com>
Check that vps_each_layer_is_an_ols_flag, which indicates that "at
least one OLS specified by the VPS contains more than one layer," is
set if num_multi_layer_olss is non-zero.
Fixes: 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Frank Plowman <post@frankplowman.com>
---
libavcodec/cbs_h266_syntax_template.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c
index 2f3478e5e1..37dc3acba0 100644
--- a/libavcodec/cbs_h266_syntax_template.c
+++ b/libavcodec/cbs_h266_syntax_template.c
@@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, RWContext *rw,
num_multi_layer_olss++;
}
}
+ if (!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0)
+ return AVERROR_INVALIDDATA;
}
for (i = 0; i <= current->vps_num_ptls_minus1; i++) {
--
2.43.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
2024-01-30 9:40 [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss post
@ 2024-01-30 12:28 ` James Almer
2024-01-30 12:31 ` Nuo Mi
1 sibling, 0 replies; 7+ messages in thread
From: James Almer @ 2024-01-30 12:28 UTC (permalink / raw)
To: ffmpeg-devel
On 1/30/2024 6:40 AM, post@frankplowman.com wrote:
> From: Frank Plowman <post@frankplowman.com>
>
> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
> least one OLS specified by the VPS contains more than one layer," is
> set if num_multi_layer_olss is non-zero.
>
> Fixes: 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Frank Plowman <post@frankplowman.com>
> ---
> libavcodec/cbs_h266_syntax_template.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c
> index 2f3478e5e1..37dc3acba0 100644
> --- a/libavcodec/cbs_h266_syntax_template.c
> +++ b/libavcodec/cbs_h266_syntax_template.c
> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, RWContext *rw,
> num_multi_layer_olss++;
> }
> }
> + if (!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0)
> + return AVERROR_INVALIDDATA;
> }
>
> for (i = 0; i <= current->vps_num_ptls_minus1; i++) {
Applied, thanks.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
2024-01-30 9:40 [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss post
2024-01-30 12:28 ` James Almer
@ 2024-01-30 12:31 ` Nuo Mi
2024-01-30 12:55 ` Frank Plowman
1 sibling, 1 reply; 7+ messages in thread
From: Nuo Mi @ 2024-01-30 12:31 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Frank Plowman
On Tue, Jan 30, 2024 at 5:41 PM <post@frankplowman.com> wrote:
> From: Frank Plowman <post@frankplowman.com>
>
> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
> least one OLS specified by the VPS contains more than one layer," is
> set if num_multi_layer_olss is non-zero.
>
> Fixes:
> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Frank Plowman <post@frankplowman.com>
> ---
> libavcodec/cbs_h266_syntax_template.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/cbs_h266_syntax_template.c
> b/libavcodec/cbs_h266_syntax_template.c
> index 2f3478e5e1..37dc3acba0 100644
> --- a/libavcodec/cbs_h266_syntax_template.c
> +++ b/libavcodec/cbs_h266_syntax_template.c
> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
> RWContext *rw,
> num_multi_layer_olss++;
> }
> }
> + if (!current->vps_each_layer_is_an_ols_flag &&
> num_multi_layer_olss == 0)
> + return AVERROR_INVALIDDATA;
> }
>
> The specification does not provide information on how to obtain
TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3.
Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, total_num_olss -
1)" is undefined.
We'd better return a patch welcome error instead of printing a warning
before vps_num_ptls_minus1 line
for (i = 0; i <= current->vps_num_ptls_minus1; i++) {
> --
> 2.43.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
2024-01-30 12:31 ` Nuo Mi
@ 2024-01-30 12:55 ` Frank Plowman
2024-01-30 13:13 ` Frank Plowman
2024-01-30 13:16 ` Nuo Mi
0 siblings, 2 replies; 7+ messages in thread
From: Frank Plowman @ 2024-01-30 12:55 UTC (permalink / raw)
To: ffmpeg-devel
On 30/01/2024 12:31, Nuo Mi wrote:
> On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote:
>> From: Frank Plowman<post@frankplowman.com>
>>
>> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
>> least one OLS specified by the VPS contains more than one layer," is
>> set if num_multi_layer_olss is non-zero.
>>
>> Fixes:
>> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
>>
>> Found-by: continuous fuzzing process
>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by
>> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
>> Frank Plowman<post@frankplowman.com>
>> ---
>> libavcodec/cbs_h266_syntax_template.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/libavcodec/cbs_h266_syntax_template.c
>> b/libavcodec/cbs_h266_syntax_template.c
>> index 2f3478e5e1..37dc3acba0 100644
>> --- a/libavcodec/cbs_h266_syntax_template.c
>> +++ b/libavcodec/cbs_h266_syntax_template.c
>> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
>> RWContext *rw,
>> num_multi_layer_olss++;
>> }
>> }
>> + if (!current->vps_each_layer_is_an_ols_flag &&
>> num_multi_layer_olss == 0)
>> + return AVERROR_INVALIDDATA;
>> }
> The specification does not provide information on how to obtain
> TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3.
> Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, total_num_olss -
> 1)" is undefined.
> We'd better return a patch welcome error instead of printing a warning
> before vps_num_ptls_minus1 line
This is the same behaviour James suggested in an earlier patch. The spec
says "decoders conforming to this version of this Specification shall
ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this
should be an error as the spec is unambiguous here. Perhaps we can
instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is
there some better way to ignore these OLSs?
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
2024-01-30 12:55 ` Frank Plowman
@ 2024-01-30 13:13 ` Frank Plowman
2024-01-30 13:25 ` Nuo Mi
2024-01-30 13:16 ` Nuo Mi
1 sibling, 1 reply; 7+ messages in thread
From: Frank Plowman @ 2024-01-30 13:13 UTC (permalink / raw)
To: ffmpeg-devel
On 30/01/2024 12:55, Frank Plowman wrote:
> On 30/01/2024 12:31, Nuo Mi wrote:
>
>> On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote:
>>> From: Frank Plowman<post@frankplowman.com>
>>>
>>> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
>>> least one OLS specified by the VPS contains more than one layer," is
>>> set if num_multi_layer_olss is non-zero.
>>>
>>> Fixes:
>>> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
>>>
>>> Found-by: continuous fuzzing process
>>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by
>>> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
>>> Frank Plowman<post@frankplowman.com>
>>> ---
>>> libavcodec/cbs_h266_syntax_template.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/libavcodec/cbs_h266_syntax_template.c
>>> b/libavcodec/cbs_h266_syntax_template.c
>>> index 2f3478e5e1..37dc3acba0 100644
>>> --- a/libavcodec/cbs_h266_syntax_template.c
>>> +++ b/libavcodec/cbs_h266_syntax_template.c
>>> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
>>> RWContext *rw,
>>> num_multi_layer_olss++;
>>> }
>>> }
>>> + if (!current->vps_each_layer_is_an_ols_flag &&
>>> num_multi_layer_olss == 0)
>>> + return AVERROR_INVALIDDATA;
>>> }
>> The specification does not provide information on how to obtain
>> TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3.
>> Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0,
>> total_num_olss -
>> 1)" is undefined.
>> We'd better return a patch welcome error instead of printing a warning
>> before vps_num_ptls_minus1 line
>
> This is the same behaviour James suggested in an earlier patch. The spec
> says "decoders conforming to this version of this Specification shall
> ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this
> should be an error as the spec is unambiguous here. Perhaps we can
> instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is
> there some better way to ignore these OLSs?
For reference, VTM's behaviour is the same as the current behaviour:
TotalNumOlss is assumed to be 0 when ols_mode_idc, hence most of the
remaining syntax elements in the VPS are not read as they are within
for (i = 0; i < total_num_olss; i++)
loops or other loops with bounds derived from total_num_olss. On the
other hand, VVdeC's behaviour is the same as you suggest: it throws an
error if total_num_olss is 3.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
2024-01-30 12:55 ` Frank Plowman
2024-01-30 13:13 ` Frank Plowman
@ 2024-01-30 13:16 ` Nuo Mi
1 sibling, 0 replies; 7+ messages in thread
From: Nuo Mi @ 2024-01-30 13:16 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Jan 30, 2024 at 8:56 PM Frank Plowman <post@frankplowman.com> wrote:
> On 30/01/2024 12:31, Nuo Mi wrote:
>
> > On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote:
> >> From: Frank Plowman<post@frankplowman.com>
> >>
> >> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
> >> least one OLS specified by the VPS contains more than one layer," is
> >> set if num_multi_layer_olss is non-zero.
> >>
> >> Fixes:
> >>
> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
> >>
> >> Found-by: continuous fuzzing process
> >> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> Signed-off-by
> >> <
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by
> >:
> >> Frank Plowman<post@frankplowman.com>
> >> ---
> >> libavcodec/cbs_h266_syntax_template.c | 2 ++
> >> 1 file changed, 2 insertions(+)
> >>
> >> diff --git a/libavcodec/cbs_h266_syntax_template.c
> >> b/libavcodec/cbs_h266_syntax_template.c
> >> index 2f3478e5e1..37dc3acba0 100644
> >> --- a/libavcodec/cbs_h266_syntax_template.c
> >> +++ b/libavcodec/cbs_h266_syntax_template.c
> >> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
> >> RWContext *rw,
> >> num_multi_layer_olss++;
> >> }
> >> }
> >> + if (!current->vps_each_layer_is_an_ols_flag &&
> >> num_multi_layer_olss == 0)
> >> + return AVERROR_INVALIDDATA;
> >> }
> > The specification does not provide information on how to obtain
> > TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3.
> > Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0, total_num_olss
> -
> > 1)" is undefined.
> > We'd better return a patch welcome error instead of printing a warning
> > before vps_num_ptls_minus1 line
>
> This is the same behaviour James suggested in an earlier patch. The spec
> says "decoders conforming to this version of this Specification shall
> ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this
> should be an error as the spec is unambiguous here. Perhaps we can
> instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is
> there some better way to ignore these OLSs?
>
Even the specification editor is uncertain about what will be included in
the future.
Perhaps logic later than the point needs a total rewrite.
It's not an error in terms of invalid data; we simply do not know how to
handle it and are asking others to provide the patch.
_______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss
2024-01-30 13:13 ` Frank Plowman
@ 2024-01-30 13:25 ` Nuo Mi
0 siblings, 0 replies; 7+ messages in thread
From: Nuo Mi @ 2024-01-30 13:25 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Jan 30, 2024 at 9:13 PM Frank Plowman <post@frankplowman.com> wrote:
> On 30/01/2024 12:55, Frank Plowman wrote:
> > On 30/01/2024 12:31, Nuo Mi wrote:
> >
> >> On Tue, Jan 30, 2024 at 5:41 PM<post@frankplowman.com> wrote:
> >>> From: Frank Plowman<post@frankplowman.com>
> >>>
> >>> Check that vps_each_layer_is_an_ols_flag, which indicates that "at
> >>> least one OLS specified by the VPS contains more than one layer," is
> >>> set if num_multi_layer_olss is non-zero.
> >>>
> >>> Fixes:
> >>>
> 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360
> >>>
> >>> Found-by: continuous fuzzing process
> >>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >>> Signed-off-by
> >>> <
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by
> >:
> >>> Frank Plowman<post@frankplowman.com>
> >>> ---
> >>> libavcodec/cbs_h266_syntax_template.c | 2 ++
> >>> 1 file changed, 2 insertions(+)
> >>>
> >>> diff --git a/libavcodec/cbs_h266_syntax_template.c
> >>> b/libavcodec/cbs_h266_syntax_template.c
> >>> index 2f3478e5e1..37dc3acba0 100644
> >>> --- a/libavcodec/cbs_h266_syntax_template.c
> >>> +++ b/libavcodec/cbs_h266_syntax_template.c
> >>> @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
> >>> RWContext *rw,
> >>> num_multi_layer_olss++;
> >>> }
> >>> }
> >>> + if (!current->vps_each_layer_is_an_ols_flag &&
> >>> num_multi_layer_olss == 0)
> >>> + return AVERROR_INVALIDDATA;
> >>> }
> >> The specification does not provide information on how to obtain
> >> TotalNumOlss (total_num_olss) when ols_mode_idc is set to 3.
> >> Therefore, the earlier line "u(8, vps_num_ptls_minus1, 0,
> >> total_num_olss -
> >> 1)" is undefined.
> >> We'd better return a patch welcome error instead of printing a warning
> >> before vps_num_ptls_minus1 line
> >
> > This is the same behaviour James suggested in an earlier patch. The spec
> > says "decoders conforming to this version of this Specification shall
> > ignore the OLSs with vps_ols_mode_idc equal to 3." I don't think this
> > should be an error as the spec is unambiguous here. Perhaps we can
> > instead skip the remainder of the VPS if vps_ols_mode_idc is 3? Or is
> > there some better way to ignore these OLSs?
>
> For reference, VTM's behaviour is the same as the current behaviour:
> TotalNumOlss is assumed to be 0 when ols_mode_idc, hence most of the
> remaining syntax elements in the VPS are not read as they are within
>
But once you read the vps_num_ptls_minus1, your behaviors are undefined.
because you do not know vps_num_ptls_minus1 should be less than
TotalNumOlss. and TotalNumOlss is undefined for ols_mode_idc == 3.
:)
>
> for (i = 0; i < total_num_olss; i++)
>
> loops or other loops with bounds derived from total_num_olss. On the
> other hand, VVdeC's behaviour is the same as you suggest: it throws an
> error if total_num_olss is 3.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-01-30 13:25 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-30 9:40 [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss post
2024-01-30 12:28 ` James Almer
2024-01-30 12:31 ` Nuo Mi
2024-01-30 12:55 ` Frank Plowman
2024-01-30 13:13 ` Frank Plowman
2024-01-30 13:25 ` Nuo Mi
2024-01-30 13:16 ` Nuo Mi
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git