On 09/01/17 00:11, Mark Thompson wrote:
> Also adds some extra fields to the main context structure that may
> be needed by a hwaccel decoder.
>
> (cherry picked from commit 4e528206bc4d968706401206cf54471739250ec7)
> ---
> On 08/01/17 23:37, Michael Niedermayer wrote:
>> On Mon, Jan 09, 2017 at 12:32:30AM +0100, Michael Niedermayer wrote:
>>> On Sun, Jan 08, 2017 at 06:14:45PM +0000, Mark Thompson wrote:
>>>> Also adds some extra fields to the main context structure that may
>>>> be needed by a hwaccel decoder.
>>>>
>>>> (cherry picked from commit 4e528206bc4d968706401206cf54471739250ec7)
>>>> ---
>>>> libavcodec/vp8.c | 193
>>>> +++++++++++++++++++++++++++++++++++++------------------
>>>> libavcodec/vp8.h | 32 +++++++++
>>>> 2 files changed, 161 insertions(+), 64 deletions(-)
>>>
>>> This breaks
>>>
>>> make fate-webp-rgba-lossy-q80
>>>
>>> TEST webp-rgba-lossy-q80
>>> --- ./tests/ref/fate/webp-rgba-lossy-q80 2017-01-08
>>> 23:01:44.560754747 +0100
>>> +++ tests/data/fate/webp-rgba-lossy-q80 2017-01-09 00:32:50.896869909 +0100
>>> @@ -1,6 +0,0 @@
>>> -#tb 0: 1/25
>>> -#media_type 0: video
>>> -#codec_id 0: rawvideo
>>> -#dimensions 0: 12x8
>>> -#sar 0: 0/1
>>> -0, 0, 0, 1, 240, 0xc56c96c3
>>> Test webp-rgba-lossy-q80 failed. Look at
>>> tests/data/fate/webp-rgba-lossy-q80.err for details.
>>> make: *** [fate-webp-rgba-lossy-q80] Error 139
>>
>> ==5840== Invalid write of size 1
>> ==5840== at 0xC3FCB5: vp8_lossy_decode_alpha (webp.c:1304)
>> ==5840== by 0xC3FE51: vp8_lossy_decode_frame (webp.c:1346)
>> ==5840== by 0xC40146: webp_decode_frame (webp.c:1404)
>> ==5840== by 0xB41EB8: avcodec_decode_video2 (utils.c:2258)
>> ==5840== by 0xB43E6D: do_decode (utils.c:2789)
>> ==5840== by 0xB44268: avcodec_send_packet (utils.c:2878)
>> ==5840== by 0x756D6A: try_decode_frame (utils.c:2983)
>> ==5840== by 0x759BCD: avformat_find_stream_info (utils.c:3684)
>> ==5840== by 0x41BA22: open_input_file (ffmpeg_opt.c:1021)
>> ==5840== by 0x425205: open_files (ffmpeg_opt.c:3222)
>> ==5840== by 0x425388: ffmpeg_parse_options (ffmpeg_opt.c:3262)
>> ==5840== by 0x43AE28: main (ffmpeg.c:4553)
>> ==5840== Address 0x0 is not stack'd, malloc'd or (recently) free'd
>
> Hmm, thanks for noticing that.
>
> The webp decoder for an image with an alpha plane is abusing the vp8 decoder
> by overwriting the pix_fmt and then assuming that it won't be set again via
> ff_get_format(). The crash comes because the webp decoder has set pix_fmt to
> YUVA420P and assumed that the vp8 decoder will allocate its frames as that,
> but the vp8 decoder has found a YUV420P stream (as it always does, since that
> is the only format VP8 can be) and therefore allocated YUV420P frames. When
> the webp decoder then tries to copy into the alpha plane it dies because
> there is no alpha plane.
>
> I can hack around it with something like following? (Whole patch including
> it surrounding.)
>
> - if (!is_vp7 && s->pix_fmt == AV_PIX_FMT_NONE) {
> + if (!is_vp7 && avctx->pix_fmt == AV_PIX_FMT_YUVA420P) {
> + // Hack: this is actually the webp decoder, don't call
> ff_get_format().
> + s->pix_fmt = AV_PIX_FMT_YUV420P;
> + } else if (!is_vp7 && s->pix_fmt == AV_PIX_FMT_NONE) {
>
> Alternatively, we could add something explicit to signal to the vp8 decoder
> that the intended format is fixed and ff_get_format() shouldn't be called?
(Patches 1-13 applied.)
Ping for any opinion what to do with the webp use of the vp8 decoder.
Thanks,
- Mark
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
