[FFmpeg-devel] [PATCH] avcodec/flac: check frame header crc only if requested

Fri Dec 9 03:16:59 EET 2016

On Thu, Dec 08, 2016 at 02:45:42PM -0300, James Almer wrote:
> On 12/8/2016 9:31 AM, Michael Niedermayer wrote:
> > FFmpeg decoders primary usecase is to decode for human consumption
> > for this producing the best quality possible and doing so fast is
> > the goal.
> > The default thus should be to do checks that improve quality
> > its probably better if fuzzers disable these checks instead of the
> > "default being changed"
> 
> This patch is needed for fuzzers to actually disable the check.
> I assume there's a high chance for fuzzers to change some bits on each
> frame header, and if the decoder aborts unconditionally right then and
> there then the fuzzing is unlikely to ever find any real bug in the code.
> 
> If a real file has a damaged frame header, then even if it doesn't abort
> at that point it will fail somewhere down the line anyway, due to a bogus
> channel count or framesize value.
> 
> > 
> > treating damaged headers as if they are valid will lead to bad
> > quality at the location where this occurs.
> > also this function is used by the parser and i _think_ the code expects
> > that it always checks the crc.
> 
> If this is true then this patch is not good.
> 
> > also for detecting the parameters of a stream, its important to use
> > a undamaged header otherwise the parameters could be more often wrong.
> > 
> > whatever default is used for err_recognition some checks like this
> > one should be enabled in that case
> > actually i thought we have a non zero default but it seems 0 in
> > libavcodec, i think this is bad as well.
> > With a 0 default nothing can be enabled by default (if the mask is all
> > positive with 0 being all disabled)
> 
> A couple years ago crccheck was the default value for err_recognition,
> but you sent a patch to disable it since it was affecting hevc decoding
> performance. I don't think that has changed since then.
> 

> Do we have a way to add codec dependent defaults for options like
> err_recognition? lossless codecs could then have crc enabled by default
> and lossy codecs have it disabled, for example.

AV_EF_CAREFUL is documented as
"///< consider things that violate the spec, are fast to calculate and have not been seen in the wild as errors"

id say this should be enabled by default and used for cases like this

if its not suitable for some reason, then we are missing some value
in the enum for this case.

the enum is in that case a bit like a language missing words to
describe what is actually meant.

also codecs can have CRCs on both headers and the data itself,
headers being small should always be fast to check, data itself may
be slow to check. a all on vs off could be insufficient for a
decoder.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161209/6b61d4db/attachment.sig>