[FFmpeg-devel] [PATCH v2] avformat/mov: add option max_stts_delta

Michael Niedermayer michael at niedermayer.cc
Wed Nov 24 21:26:32 EET 2021 

On Wed, Nov 24, 2021 at 10:58:00AM +0530, Gyan Doshi wrote:
> 
> 
> On 2021-11-24 01:16 am, Michael Niedermayer wrote:
> > On Tue, Nov 23, 2021 at 06:41:06PM +0530, Gyan Doshi wrote:
> > > Very high stts sample deltas may occasionally be intended but usually
> > > they are written in error or used to store a negative value for dts correction
> > > when treated as signed 32-bit integers.
> > > 
> > > This option lets the user set an upper limit, beyond which the delta
> > > is clamped to 1. Negative values of under 1 second are used to adjust
> > > dts.
> > > 
> > > Unit is the track time scale. Default is INT_MAX which maintains current handling.
> > > ---
> > >   doc/demuxers.texi  |  6 ++++++
> > >   libavformat/isom.h |  1 +
> > >   libavformat/mov.c  | 14 +++++++++-----
> > >   3 files changed, 16 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/doc/demuxers.texi b/doc/demuxers.texi
> > > index cab8a7072c..15078b9b1b 100644
> > > --- a/doc/demuxers.texi
> > > +++ b/doc/demuxers.texi
> > > @@ -713,6 +713,12 @@ specify.
> > >   @item decryption_key
> > >   16-byte key, in hex, to decrypt files encrypted using ISO Common Encryption (CENC/AES-128 CTR; ISO/IEC 23001-7).
> > > +
> > > + at item max_stts_delta
> > > +The sample offsets stored in a track's stts box are 32-bit unsigned integers. However, very large values usually indicate
> > > +a value written by error or a storage of a small negative value as a way to correct accumulated DTS delay.
> > > +Range is 0 to UINT_MAX. Default is INT_MAX.
> > > +
> > >   @end table
> > >   @subsection Audible AAX
> > > diff --git a/libavformat/isom.h b/libavformat/isom.h
> > > index ef8f19b18c..625dea8421 100644
> > > --- a/libavformat/isom.h
> > > +++ b/libavformat/isom.h
> > > @@ -305,6 +305,7 @@ typedef struct MOVContext {
> > >       int32_t movie_display_matrix[3][3]; ///< display matrix from mvhd
> > >       int have_read_mfra_size;
> > >       uint32_t mfra_size;
> > > +    uint32_t max_stts_delta;
> > >   } MOVContext;
> > >   int ff_mp4_read_descr_len(AVIOContext *pb);
> > > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > > index 451cb78bbf..bbda07ac42 100644
> > > --- a/libavformat/mov.c
> > > +++ b/libavformat/mov.c
> > > @@ -3965,14 +3965,17 @@ static void mov_build_index(MOVContext *mov, AVStream *st)
> > >                   current_offset += sample_size;
> > >                   stream_size += sample_size;
> > > -                /* A negative sample duration is invalid based on the spec,
> > > -                 * but some samples need it to correct the DTS. */
> > > -                if (sc->stts_data[stts_index].duration < 0) {
> > > +                /* STTS sample offsets are uint32 but some files store it as int32
> > > +                 * with negative values used to correct DTS delays.
> > > +                   There may be abnormally large values as well. */
> > > +                if (sc->stts_data[stts_index].duration > mov->max_stts_delta) {
> > > +                    // assume high delta is a negative correction if less than 1 second
> > > +                    int32_t delta_magnitude = *((int32_t *)&sc->stts_data[stts_index].duration);
> > >                       av_log(mov->fc, AV_LOG_WARNING,
> > > -                           "Invalid SampleDelta %d in STTS, at %d st:%d\n",
> > > +                           "Correcting too large SampleDelta %u in STTS, at %d st:%d.\n",
> > >                              sc->stts_data[stts_index].duration, stts_index,
> > >                              st->index);
> > > -                    dts_correction += sc->stts_data[stts_index].duration - 1;
> > > +                    dts_correction += (delta_magnitude < 0 && FFABS(delta_magnitude) < sc->time_scale ? delta_magnitude - 1 : 0);
> > >                       sc->stts_data[stts_index].duration = 1;
> > >                   }
> > >                   current_dts += sc->stts_data[stts_index].duration;
> > > @@ -8566,6 +8569,7 @@ static const AVOption mov_options[] = {
> > >       { "decryption_key", "The media decryption key (hex)", OFFSET(decryption_key), AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
> > >       { "enable_drefs", "Enable external track support.", OFFSET(enable_drefs), AV_OPT_TYPE_BOOL,
> > >           {.i64 = 0}, 0, 1, FLAGS },
> > > +    { "max_stts_delta", "treat offsets above this value as invalid", OFFSET(max_stts_delta), AV_OPT_TYPE_INT, {.i64 = INT_MAX}, 0, UINT_MAX, .flags = AV_OPT_FLAG_DECODING_PARAM },
> > >       { NULL },
> > >   };
> > The stts is used in other places, the value parsed as unsigned will cause
> > problems there too
> I see stts duration used in 3 places in mov.c
> 
> mov_read_stts(), which my earlier patch changed.
> 
> mov_build_index(), which this patch changes,
> 
> mov_read_trak() where frame rate is populated for CFR streams and is called
> very shortly after mov_build_index().
> I don't think that can break for non-malformed files as the only duration
> entry in the stream is not likely to be > INT_MAX
> In any case, after this patch, with default option value, it will see the
> same values as earlier.
> 

If iam not mistaken there is code that adds the values up to initilize some
duration. this works with 64bit so the small negative values interpreted as
unsigned will result in a wrong result i would expect
that may very well not be the only issue


> > the cast is also fragile as it will break when someone tries to change it
> > to int64
> 
> In what circumstances would that happen?

when someone tries to change the code.
having both signed and unsigned 32bit in a 32bit element screams
almost to have someone change this and simplify the code or fix some
bugs related to it


[...]
> > also please select the default so that it works with all real world files
> 
> No single value can all work for all files. Hence the option.

but what i wrote was about all real world files.
Sure you can make a file that fails but so far the files i have seen and
the ones you told me about all would work with 49% of all possibly defaults
why do you pick a default that doesnt work with them and then argue about
that ?
Lets try to fix the code not win the argument please

[...]

> My file had slightly different offsets of 7 hrs in both audio and video
> tracks with a time scale of 90000 in both tracks, recorded using Wowza.

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 2
"100% positive feedback" - "All either got their money back or didnt complain"
"Best seller ever, very honest" - "Seller refunded buyer after failed scam"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20211124/cb554603/attachment.sig>

More information about the ffmpeg-devel mailing list