[FFmpeg-devel] [PATCH v3] avcodec/h264dec: apply H.274 film grain

Michael Niedermayer michael at niedermayer.cc
Tue Sep 14 00:38:45 EEST 2021


On Tue, Aug 17, 2021 at 09:54:56PM +0200, Niklas Haas wrote:
> From: Niklas Haas <git at haasn.dev>
> 
> Because we need access to ref frames without film grain applied, we have
> to add an extra AVFrame to H264Picture to avoid messing with the
> original. This requires some amount of overhead to make the reference
> moves work out, but it allows us to benefit from frame multithreading
> for film grain application "for free".
> 
> Unfortunately, this approach requires twice as much RAM to be constantly
> allocated for ref frames, due to the need for an extra buffer per
> H264Picture. In theory, we could get away with freeing up this memory as
> soon as it's no longer needed (since ref frames do not need film grain
> buffers any longer), but trying to call ff_thread_release_buffer() from
> output_frame() conflicts with possible later accesses to that same frame
> and I'm not sure how to synchronize that well.
> 
> Tested on all three cases of (no fg), (fg present but exported) and (fg
> present and not exported), with and without threading.
> 
> Signed-off-by: Niklas Haas <git at haasn.dev>
> ---
>  libavcodec/h264_picture.c | 35 +++++++++++++++++++++++--
>  libavcodec/h264_slice.c   | 16 ++++++++++--
>  libavcodec/h264dec.c      | 55 ++++++++++++++++++++++++++-------------
>  libavcodec/h264dec.h      |  6 +++++
>  4 files changed, 90 insertions(+), 22 deletions(-)

This causes aborts (tested latest git master as of this mail)

Assertion sd failed at libavcodec/h264_picture.c:255
==26500== ERROR: libFuzzer: deadly signal
    #0 0x49f9d1 in __sanitizer_print_stack_trace /b/swarming/w/ir/cache/builder/src/third_party/llvm/compiler-rt/lib/asan/asan_stack.cc:86:3
    #1 0x18c45de in fuzzer::Fuzzer::CrashCallback() /home/michael/libfuzzer-2017-10-newclang/Fuzzer/build/../FuzzerLoop.cpp:196:5
    #2 0x18c45ad in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/michael/libfuzzer-2017-10-newclang/Fuzzer/build/../FuzzerLoop.cpp:175:6
    #3 0x7f200a40997f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1297f)
    #4 0x7f2008b31fb6 in __libc_signal_restore_set /build/glibc-S9d2JN/glibc-2.27/signal/../sysdeps/unix/sysv/linux/nptl-signals.h:80
    #5 0x7f2008b31fb6 in gsignal /build/glibc-S9d2JN/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:48
    #6 0x7f2008b33920 in abort /build/glibc-S9d2JN/glibc-2.27/stdlib/abort.c:79
    #7 0xafcd86 in ff_h264_field_end /home/michael/ffmpeg-git/ffmpeg/libavcodec/h264_picture.c:255:9
    #8 0x5514da in h264_decode_frame /home/michael/ffmpeg-git/ffmpeg/libavcodec/h264dec.c:1041:20
    #9 0x523712 in decode_simple_internal /home/michael/ffmpeg-git/ffmpeg/libavcodec/decode.c:326:15
    #10 0x502a21 in decode_simple_receive_frame /home/michael/ffmpeg-git/ffmpeg/libavcodec/decode.c:517:15
    #11 0x502a21 in decode_receive_frame_internal /home/michael/ffmpeg-git/ffmpeg/libavcodec/decode.c:537
    #12 0x50204f in avcodec_send_packet /home/michael/ffmpeg-git/ffmpeg/libavcodec/decode.c:604:15
    #13 0x4cc093 in LLVMFuzzerTestOneInput /home/michael/ffmpeg-git/ffmpeg/tools/target_dec_fuzzer.c:387:25
    #14 0x18c55cd in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/michael/libfuzzer-2017-10-newclang/Fuzzer/build/../FuzzerLoop.cpp:495:13
    #15 0x18ba1a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/michael/libfuzzer-2017-10-newclang/Fuzzer/build/../FuzzerDriver.cpp:273:6
    #16 0x18bf3a1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/michael/libfuzzer-2017-10-newclang/Fuzzer/build/../FuzzerDriver.cpp:690:9
    #17 0x18b9e80 in main /home/michael/libfuzzer-2017-10-newclang/Fuzzer/build/../FuzzerMain.cpp:20:10
    #18 0x7f2008b14bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #19 0x41f129 in _start (/home/michael/ffmpeg-git/ffmpeg/tools/target_dec_h264_fuzzer+0x41f129)

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange