#11325: VVC decoder
-------------------------------------+-------------------------------------
Reporter: Chris | Type: defect
Warrington |
Status: new | Priority: normal
Component: avcodec | Version: 7.1
Keywords: vvc | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
The VVC decoder is using some uninitialized variables when decoding a VVC
stream containing ALF, but without CC-ALF.
This is easiest to observe via valgrind.
{{{
% valgrind ffmpeg_g -i vvc_without_ccalf.mp4 -vcodec copy -f rawvideo -y
/dev/null
ffmpeg version n7.1 Copyright (c) 2000-2024 the FFmpeg developers
built with gcc 11 (GCC)
...
==333109== Conditional jump or move depends on uninitialised value(s)
==333109== at 0x1165DEA: ff_vvc_alf_filter (filter.c:1233)
==333109== by 0xE8C6EE: run_alf (thread.c:598)
==333109== by 0xE8D15F: task_run_stage (thread.c:647)
==333109== by 0xE8D15F: task_run (thread.c:674)
==333109== by 0x12F148A: run_one_task (executor.c:90)
==333109== by 0x12F1843: av_executor_execute (executor.c:217)
==333109== by 0xE8EBDE: ff_vvc_frame_submit (thread.c:825)
==333109== by 0xE4E8B1: submit_frame (dec.c:942)
==333109== by 0xE4E8B1: vvc_decode_frame (dec.c:1006)
==333109== by 0x99030A: decode_simple_internal (decode.c:442)
==333109== by 0x99030A: decode_simple_receive_frame (decode.c:612)
==333109== by 0x99030A: ff_decode_receive_frame_internal (decode.c:648)
==333109== by 0x990854: decode_receive_frame_internal (decode.c:665)
==333109== by 0x990B19: avcodec_send_packet (decode.c:752)
==333109== by 0x75F67A: try_decode_frame (demux.c:2156)
==333109== by 0x7642CB: avformat_find_stream_info (demux.c:2840)
}}}
The below patch fixes the issue. The CC-ALF indexes are initialized to 0
always instead of only when CC-ALF enabled, as alf->ctb_cc_idc is used
unconditionally without checking if CC-ALF is on in a couple places.
{{{
diff --git a/libavcodec/vvc/ctu.c b/libavcodec/vvc/ctu.c
index b33ad576cf..d369ce8fbf 100644
--- a/libavcodec/vvc/ctu.c
+++ b/libavcodec/vvc/ctu.c
@@ -2286,6 +2286,7 @@ static void alf_params(VVCLocalContext *lc, const
int rx, const int ry)
ALFParams *alf = &CTB(fc->tab.alf, rx, ry);
alf->ctb_flag[LUMA] = alf->ctb_flag[CB] = alf->ctb_flag[CR] = 0;
+ alf->ctb_cc_idc[0] = alf->ctb_cc_idc[1] = 0;
if (sh->sh_alf_enabled_flag) {
alf->ctb_flag[LUMA] = ff_vvc_alf_ctb_flag(lc, rx, ry, LUMA);
if (alf->ctb_flag[LUMA]) {
@@ -2316,7 +2317,6 @@ static void alf_params(VVCLocalContext *lc, const
int rx, const int ry)
const uint8_t cc_enabled[] = { sh->sh_alf_cc_cb_enabled_flag,
sh->sh_alf_cc_cr_enabled_flag };
const uint8_t cc_aps_id[] = { sh->sh_alf_cc_cb_aps_id,
sh->sh_alf_cc_cr_aps_id };
for (int i = 0; i < 2; i++) {
- alf->ctb_cc_idc[i] = 0;
if (cc_enabled[i]) {
const VVCALF *aps = fc->ps.alf_list[cc_aps_id[i]];
alf->ctb_cc_idc[i] = ff_vvc_alf_ctb_cc_idc(lc, rx, ry, i,
aps->num_cc_filters[i]);
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11325>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac
To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
