[FFmpeg-devel] [PATCH/RFC] libavcodec/cinepak: Separate decoding from parsing
Tomas Härdin
tjoppen at acc.umu.se
Mon Sep 2 12:17:06 EEST 2019
sön 2019-09-01 klockan 23:07 +0200 skrev Carl Eugen Hoyos:
> Am So., 1. Sept. 2019 um 22:58 Uhr schrieb Tomas Härdin <
> tjoppen at acc.umu.se>:
>
> > Attached patch separates parsing from decoding in the Cinepak decoder.
> > It puts in some rather strict checks which are in line with how I've
> > figured the VfW 1.1 decoder works. Parsing is still intermixed with
> > validation, but the code should be much easier to read this way
> > compared to before. Some avpriv_request_sample()s should probably be
> > switched to outright rejection, I haven't decided yet
>
> Your patch looks to me as if it would break decoding broken samples
> instead of returning as much decoded data as is possible with the
> input.
For some definitions of broken, yes. There is a contradiction between
safe, efficient parsing and just how broken bitstreams a particular
decoder will accept.
Until recently the definition of "not-broken" was "has enough bytes to
decode to a few lines of garbage"
Michael's recently suggested patch would define broken as "has too few
bytes to decode as an entire skip frame". This would change the
decoder's behavior for some class of files (gasp!)
My suggestion is that we should be very specific in what we accept,
backed up by samples in FATE. We should explicitly not worry about
files that someone somewhere might be able to generate which we
successfully reject. Else we cannot refactor with confidence.
/Tomas
More information about the ffmpeg-devel
mailing list