Opened 3 days ago

Last modified 21 hours ago

#11325 new defect

VVC decoder for streams with ALF and no CC-ALF

Reported by: Chris Warrington Owned by:
Priority: normal Component: avcodec
Version: 7.1 Keywords: vvc
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
The VVC decoder is using some uninitialized variables when decoding a VVC stream containing ALF, but without CC-ALF.

This is easiest to observe via valgrind.

% valgrind ffmpeg_g -i vvc_without_ccalf.mp4 -vcodec copy -f rawvideo -y /dev/null
ffmpeg version n7.1 Copyright (c) 2000-2024 the FFmpeg developers
built with gcc 11 (GCC)

...

==333109== Conditional jump or move depends on uninitialised value(s)
==333109==    at 0x1165DEA: ff_vvc_alf_filter (filter.c:1233)
==333109==    by 0xE8C6EE: run_alf (thread.c:598)
==333109==    by 0xE8D15F: task_run_stage (thread.c:647)
==333109==    by 0xE8D15F: task_run (thread.c:674)
==333109==    by 0x12F148A: run_one_task (executor.c:90)
==333109==    by 0x12F1843: av_executor_execute (executor.c:217)
==333109==    by 0xE8EBDE: ff_vvc_frame_submit (thread.c:825)
==333109==    by 0xE4E8B1: submit_frame (dec.c:942)
==333109==    by 0xE4E8B1: vvc_decode_frame (dec.c:1006)
==333109==    by 0x99030A: decode_simple_internal (decode.c:442)
==333109==    by 0x99030A: decode_simple_receive_frame (decode.c:612)
==333109==    by 0x99030A: ff_decode_receive_frame_internal (decode.c:648)
==333109==    by 0x990854: decode_receive_frame_internal (decode.c:665)
==333109==    by 0x990B19: avcodec_send_packet (decode.c:752)
==333109==    by 0x75F67A: try_decode_frame (demux.c:2156)
==333109==    by 0x7642CB: avformat_find_stream_info (demux.c:2840)

The below patch fixes the issue. The CC-ALF indexes are initialized to 0 always instead of only when CC-ALF enabled, as alf->ctb_cc_idc is used unconditionally without checking if CC-ALF is on in a couple places.

diff --git a/libavcodec/vvc/ctu.c b/libavcodec/vvc/ctu.c
index b33ad576cf..d369ce8fbf 100644
--- a/libavcodec/vvc/ctu.c
+++ b/libavcodec/vvc/ctu.c
@@ -2286,6 +2286,7 @@ static void alf_params(VVCLocalContext *lc, const int rx, const int ry)
     ALFParams *alf                = &CTB(fc->tab.alf, rx, ry);

     alf->ctb_flag[LUMA] = alf->ctb_flag[CB] = alf->ctb_flag[CR] = 0;
+    alf->ctb_cc_idc[0] = alf->ctb_cc_idc[1] = 0;
     if (sh->sh_alf_enabled_flag) {
         alf->ctb_flag[LUMA] = ff_vvc_alf_ctb_flag(lc, rx, ry, LUMA);
         if (alf->ctb_flag[LUMA]) {
@@ -2316,7 +2317,6 @@ static void alf_params(VVCLocalContext *lc, const int rx, const int ry)
         const uint8_t cc_enabled[] = { sh->sh_alf_cc_cb_enabled_flag, sh->sh_alf_cc_cr_enabled_flag };
         const uint8_t cc_aps_id[]  = { sh->sh_alf_cc_cb_aps_id, sh->sh_alf_cc_cr_aps_id };
         for (int i = 0; i < 2; i++) {
-            alf->ctb_cc_idc[i] = 0;
             if (cc_enabled[i]) {
                 const VVCALF *aps = fc->ps.alf_list[cc_aps_id[i]];
                 alf->ctb_cc_idc[i] = ff_vvc_alf_ctb_cc_idc(lc, rx, ry, i, aps->num_cc_filters[i]);

Attachments (1)

vvc_without_ccalf.266 (208.4 KB ) - added by Chris Warrington 3 days ago.
VVC stream with ALF enabled and CC-ALF disabled

Download all attachments as: .zip

Change History (4)

by Chris Warrington, 3 days ago

Attachment: vvc_without_ccalf.266 added

VVC stream with ALF enabled and CC-ALF disabled

comment:1 by Chris Warrington, 3 days ago

Summary: VVC decoderVVC decoder for streams with ALF and no CC-ALF

comment:2 by Frank Plowman, 21 hours ago

Hi Chris, thanks for reporting this.

I can reproduce the issue and confirm that your patch fixes it. Could you please send the match to the mailing list?

Thanks again,
Frank

Version 0, edited 21 hours ago by Frank Plowman (next)

comment:3 by Frank Plowman, 21 hours ago

Reproduced by developer: set
Note: See TracTickets for help on using tickets.