[FFmpeg-devel] [PATCH] pngdec: add ability to check chunk CRC
Michael Niedermayer
michael at niedermayer.cc
Tue Mar 19 01:44:15 EET 2019
On Fri, Mar 08, 2019 at 03:15:40PM +0100, Lynne wrote:
> 7 Mar 2019, 21:22 by michael at niedermayer.cc:
>
> > On Thu, Mar 07, 2019 at 07:26:32PM +0100, Lynne wrote:
> >
> >> By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder
> >> will skip the chunk and carry on with the next one. This should make the
> >> decoder able to decode more corrupt files because the functions which decode
> >> individual chunks will very likely error out if fed invalid data and stop the
> >> decoding of the entire image.
> >> Should this be made default? CRC verification doesn't take long even for very
> >> large files.
> >> Also fix the length check for chunk size. It needs to take into account the
> >> 4 byte tag as well as the 4 byte CRC.
> >>
> >> pngdec.c | 19 ++++++++++++++++++-
> >> 1 file changed, 18 insertions(+), 1 deletion(-)
> >> 4255c91468cee2bc2fa757fae69762ff5ee5774a 0001-pngdec-add-ability-to-check-chunk-CRC.patch
> >> From 7aff99d12faf557753c5ee860a9672c7a09a26e3 Mon Sep 17 00:00:00 2001
> >> From: Lynne <>> dev at lynne.ee <mailto:dev at lynne.ee>>> >
> >> Date: Thu, 7 Mar 2019 18:15:23 +0000
> >> Subject: [PATCH] pngdec: add ability to check chunk CRC
> >>
> >> By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder
> >> will skip the chunk and carry on with the next one. This should make the
> >> decoder able to decode more corrupt files because the functions which decode
> >> individual chunks will very likely error out if fed invalid data and stop the
> >> decoding of the entire image.
> >> Should this be made default? CRC verification doesn't take long even for very
> >> large files.
> >>
> >
> > i would tend toward enabling it by default but maybe first post some
> > numbers of how much this changes decode time
> >
>
> For the largest png I found: https://vk.com/doc218587497_437472325?hash=51300ca9ba40f462ac&dl=1bcf9a57b0d989da1f <https://vk.com/doc218587497_437472325?hash=51300ca9ba40f462ac&dl=1bcf9a57b0d989da1f>
>
> There was no increase in decoding time, it took 2.3 seconds on my machine
> with and without -err_detect crccheck.
>
> With -err_detect crccheck perf reported 2.52% spent in av_crc
>
>
> >> Also fix the length check for chunk size. It needs to take into account the
> >> 4 byte tag as well as the 4 byte CRC.
> >>
> >
> > this should be a seperate patch as its unrelated
> >
>
> removed and attached new patch file
>
> Maybe always enabling the CRC check isn't worth it since if you download from
> the internet you could either get a full error-free file or an incomplete one
> rather than a corrupt one. Maybe only for torrents with huge png files where
> not all chunks have been downloaded yet, or broken hard drives, but the ignore_err
> flag could be manually enabled in those cases.
> pngdec.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
> 57ccb0b81aeca1e08bc0f1475c048007d7f32c26 0001-pngdec-add-ability-to-check-chunk-CRC.patch
> From b911d3cb36828ad3c910ca6bf8b96a58ce398191 Mon Sep 17 00:00:00 2001
> From: Lynne <dev at lynne.ee>
> Date: Thu, 7 Mar 2019 18:15:23 +0000
> Subject: [PATCH] pngdec: add ability to check chunk CRC
>
> By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder
> will skip the chunk and carry on with the next one. This should make the
> decoder able to decode more corrupt files because the functions which decode
> individual chunks will very likely error out if fed invalid data and stop the
> decoding of the entire image.
> ---
> libavcodec/pngdec.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
> index 189bb9a4c1..9743f1cb76 100644
> --- a/libavcodec/pngdec.c
> +++ b/libavcodec/pngdec.c
> @@ -23,6 +23,7 @@
>
> #include "libavutil/avassert.h"
> #include "libavutil/bprint.h"
> +#include "libavutil/crc.h"
> #include "libavutil/imgutils.h"
> #include "libavutil/stereo3d.h"
> #include "libavutil/mastering_display_metadata.h"
> @@ -1169,6 +1170,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s,
> static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
> AVFrame *p, AVPacket *avpkt)
> {
> + const AVCRC *crc_tab = av_crc_get_table(AV_CRC_32_IEEE_LE);
> AVDictionary **metadatap = NULL;
> uint32_t tag, length;
> int decode_next_dat = 0;
> @@ -1203,6 +1205,21 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
> ret = AVERROR_INVALIDDATA;
> goto fail;
> }
> + if (avctx->err_recognition & (AV_EF_CRCCHECK | AV_EF_IGNORE_ERR)) {
The usage of AV_EF_IGNORE_ERR is incorrect.
the code does the opposite of what the flag means
what the code does is handle errors when the flag says dont
> + uint32_t crc_sig = AV_RB32(s->gb.buffer + length + 4);
> + uint32_t crc_cal = ~av_crc(crc_tab, UINT32_MAX, s->gb.buffer, length + 4);
> + if (crc_sig ^ crc_cal) {
> + av_log(avctx, AV_LOG_ERROR, "CRC mismatch in chunk");
> + if (avctx->err_recognition & AV_EF_EXPLODE) {
> + av_log(avctx, AV_LOG_ERROR, ", quitting\n");
> + ret = AVERROR_INVALIDDATA;
> + goto fail;
> + }
> + av_log(avctx, AV_LOG_ERROR, ", skipping\n");
> + bytestream2_skip(&s->gb, 4); /* tag */
> + goto skip_tag;
for which tags is it better to skip them completely than to attempt
to decode ?
For essential tags where without it there is no output, decoding
should be better than skiping
Skiping a tag makes sense when theres a high chance decoding it would
make the output worse.
An example of this is data in a slice in MPEG after damage. This would ruin
the affected area with funny looking blocks. The error concealment code
filling that in from a previous frame is better looking and likely closer
to the original frame.
How does skiping a tag in a PNG that fails CRC improve the output ?
> + }
> + }
> tag = bytestream2_get_le32(&s->gb);
> if (avctx->debug & FF_DEBUG_STARTCODE)
> av_log(avctx, AV_LOG_DEBUG, "png: tag=%s length=%u\n",
> --
> 2.21.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190319/a06f78c1/attachment.sig>
More information about the ffmpeg-devel
mailing list