Bug 702003 - [libav] renegotiation might cause corrupted video
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-libav
Version: 1.x
Hardware: Other All
Importance: Normal normal
Target Milestone: 1.1.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2013-06-11 11:34 UTC by Thiago Sousa Santos
Modified: 2013-06-11 12:30 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
avviddec: reset coded_width/_height before trying to open codec (1.37 KB, patch)
2013-06-11 11:35 UTC, Thiago Sousa Santos
committed

Description Thiago Sousa Santos 2013-06-11 11:34:56 UTC
According to libav docs:

    /**
     * Bitstream width / height, may be different from width/height.
     * - encoding: unused
     * - decoding: Set by user before init if known. Codec should override / dynamically change if needed.
     */
    int coded_width, coded_height;

But during a resolution renegotiation, those fields are kept as is between closing and opening the codec again. This leads to libav using the coded_width/_height as the final width/height. This causes a mismatch, and the decoder can produce corrupted video or segfault.

This was discovered with the test stream from https://bugzilla.gnome.org/show_bug.cgi?id=700505 [dash video renegotiation issue]
Comment 1 Thiago Sousa Santos 2013-06-11 11:35:20 UTC
Created attachment 246498
avviddec: reset coded_width/_height before trying to open codec

If coded_width/_height is supplied, the codec might use it as the
width/height and if it is wrong can lead to segfaults or video
corruption.

This is especially harmful on renegotiation scenarios where the
resolution changed. There seems to be no specific function for resetting
the AV Context in libav, so just set it directly.
Comment 2 Thiago Sousa Santos 2013-06-11 11:37:08 UTC
In avcodec_open2 you can find:

    if (avctx->coded_width && avctx->coded_height)
        avcodec_set_dimensions(avctx, avctx->coded_width, avctx->coded_height);
    else if (avctx->width && avctx->height)
        avcodec_set_dimensions(avctx, avctx->width, avctx->height);

Those are the lines that set the coded_width/_height if available.
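
The precedence quoted in Comment 2, modelled as an added example that is not code from libav, gst-libav or the attached patch. `struct mock_ctx`, `mock_set_dimensions`, `mock_open`, `mock_renegotiate` and `run_case` are hypothetical names, the resolutions are constructed, and `mock_set_dimensions` assumes the real function writes the chosen pair to both width/height and coded_width/_height. It shows stale coded_width/_height overriding a renegotiated size, and a reset before open avoiding that.

```c
#include <stdio.h>

/* Hypothetical stand-in for the four AVCodecContext fields involved. */
struct mock_ctx {
    int width, height;             /* size the caller negotiated */
    int coded_width, coded_height; /* bitstream size, kept across close/open */
};

/* Model of avcodec_set_dimensions: one pair is written to all four fields. */
static void mock_set_dimensions(struct mock_ctx *c, int w, int h)
{
    c->coded_width = c->width = w;
    c->coded_height = c->height = h;
}

/* Same precedence as the avcodec_open2 lines quoted in Comment 2. */
static void mock_open(struct mock_ctx *c)
{
    if (c->coded_width && c->coded_height)
        mock_set_dimensions(c, c->coded_width, c->coded_height);
    else if (c->width && c->height)
        mock_set_dimensions(c, c->width, c->height);
}

/* Close and reopen for a new size; reset_coded selects the fixed path. */
static void mock_renegotiate(struct mock_ctx *c, int w, int h, int reset_coded)
{
    c->width = w;   /* close leaves coded_* untouched in this model */
    c->height = h;
    if (reset_coded)
        c->coded_width = c->coded_height = 0;
    mock_open(c);
}

/* Returns 1 if the context ends at the renegotiated size, 0 on mismatch. */
int run_case(int reset_coded)
{
    struct mock_ctx c = {0, 0, 0, 0};
    mock_renegotiate(&c, 1280, 720, reset_coded); /* constructed sizes */
    mock_renegotiate(&c, 640, 360, reset_coded);
    return c.width == 640 && c.height == 360;
}

int main(void)
{
    printf("stale coded_*: match=%d\n", run_case(0));
    printf("reset coded_*: match=%d\n", run_case(1));
    return 0;
}
```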
Comment 3 Thiago Sousa Santos 2013-06-11 12:02:53 UTC
commit dce9d85695d37b39c2a37b413a5b43d74c0db302
Author: Thiago Santos <thiago.sousa.santos@collabora.com>
Date:   Tue Jun 11 08:24:17 2013 -0300

    avviddec: reset coded_width/_height before trying to open codec
    
    If coded_width/_height is supplied, the codec might use it as the
    width/height and if it is wrong can lead to segfaults or video
    corruption.
    
    This is especially harmful on renegotiation scenarios where the
    resolution changed. There seems to be no specific function for resetting
    the AV Context in libav, so just set it directly.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=702003