[FFmpeg-devel] [PATCH] avcodec/dovi_rpudec: replace brittle struct copying code
Cosmin Stejerean
cosmin at cosmin.at
Thu Jun 6 00:24:05 EEST 2024
> On Jun 5, 2024, at 5:23 AM, Niklas Haas <ffmpeg at haasn.xyz> wrote:
>
> On Wed, 05 Jun 2024 12:07:08 +0200 Andreas Rheinhardt <andreas.rheinhardt at outlook.com> wrote:
>> Niklas Haas:
>>> From: Niklas Haas <git at haasn.dev>
>>>
>>> This code was unnecessarily trying to be robust against downgrades of
>>> libavutil (relative to the version libavcodec was compiled against), but
>>> in the process, ended up with very brittle code that is easy to
>>> accidentally forget to update when adding new fields.
>>>
>>> Instead, do the obvious thing and just directly copy the parts of the
>>> struct known at compile time. Since it is not generally supported to
>>> link against a version of libavutil older than the version libavcodec
>>> was compiled against, the struct shrinking externally is not a case we
>>> need to be worrying about.
>>
>> The exact opposite is true: The code is trying to be robust against
>> upgrades of libavutil. The reason for this is potential trailing padding
>> in the structures that are copied here. It may be used for actual stuff
>> in a future libavutil and the approach you use here allows the compiler
>> to clobber it.
>>
>> (How would this code be robust against downgrades of libavutil at all?
>> There is no check here that sizeof of the side data is big enough to
>> contain everything we expect it to contain.)
>
> I should clearly not write code immediately after waking up.
>
> Yes, true, the only thing this logic is trying to accomplish is being
> robust against the struct gaining extra padding in the future.
>
> That said, I still think the code as written is brittle and I'm not sure
> it's providing anything useful. What is the likelihood of this struct
> being extended in a way that does not affect the encoder, vs. the
> likelihood of this struct being extended but somebody forgetting to bump
> the equivalent "last field" entry in this file?
>
> Anecdotally, the latter has already happened once.
+1, having already tripped on this on my patch to add ext_mapping_idc* fields I can confirm that it's easy to trip on this, easy to miss unless you carefully inspect the RPU afterwards, and then hard to spot where the problem is without having to trace through the code and catch this copy.
The new approach seems much better in practice.
- Cosmin
More information about the ffmpeg-devel
mailing list