[FFmpeg-devel] avcodec/snowdec: Check intra block dc differences.

Fixes: Timeout
Fixes: 3142/clusterfuzz-testcase-5007853163118592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/snowdec.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

On Mon,  4 Sep 2017 18:11:44 +0200
Michael Niedermayer <michael@niedermayer.cc> wrote:

> Fixes: Timeout
> Fixes: 3142/clusterfuzz-testcase-5007853163118592
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Wasn't this patch rejected before?

Can't we just remove this codec? It has no use other than causing
potential security issues and maintenance.

On 9/4/17, wm4 <nfxjfg@googlemail.com> wrote:
> On Mon,  4 Sep 2017 18:11:44 +0200
> Michael Niedermayer <michael@niedermayer.cc> wrote:
>
>> Fixes: Timeout
>> Fixes: 3142/clusterfuzz-testcase-5007853163118592
>>
>> Found-by: continuous fuzzing process
>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>
> Wasn't this patch rejected before?

No.

>
> Can't we just remove this codec? It has no use other than causing
> potential security issues and maintenance.

No.

On 9/4/2017 2:23 PM, wm4 wrote:
> On Mon,  4 Sep 2017 18:11:44 +0200
> Michael Niedermayer <michael@niedermayer.cc> wrote:
> 
>> Fixes: Timeout
>> Fixes: 3142/clusterfuzz-testcase-5007853163118592
>>
>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> 
> Wasn't this patch rejected before?

Ronald rejected the previous version because of the obscure error
messages. I suggested an alternative and Michael sent a new patch
following it.

If this is also not ok then please say so. That way the error messages
can be removed before pushing the patch and we can go back to focus on
things worth discussing.

> 
> Can't we just remove this codec? It has no use other than causing
> potential security issues and maintenance.

I agree about removing the encoder, but the decoder is needed for
existing streams. Unless everyone just argues it has no real world
samples for being an avcodec-only toy codec.

If you send a patch removing the encoder without also trying to remove
all the things that currently depend on it (One or two filters i think)
then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
testing, fate or otherwise, that might require a native encoder.

On Mon, Sep 04, 2017 at 02:36:45PM -0300, James Almer wrote:
> On 9/4/2017 2:23 PM, wm4 wrote:
> > On Mon,  4 Sep 2017 18:11:44 +0200
> > Michael Niedermayer <michael@niedermayer.cc> wrote:
> > 
> >> Fixes: Timeout
> >> Fixes: 3142/clusterfuzz-testcase-5007853163118592
> >>
> >> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > 
> > Wasn't this patch rejected before?
> 
> Ronald rejected the previous version because of the obscure error
> messages. I suggested an alternative and Michael sent a new patch
> following it.
> 
> If this is also not ok then please say so. That way the error messages
> can be removed before pushing the patch and we can go back to focus on
> things worth discussing.
> 

> > 
> > Can't we just remove this codec? It has no use other than causing
> > potential security issues and maintenance.
> 
> I agree about removing the encoder, but the decoder is needed for
> existing streams. Unless everyone just argues it has no real world
> samples for being an avcodec-only toy codec.
> 
> If you send a patch removing the encoder without also trying to remove
> all the things that currently depend on it (One or two filters i think)
> then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
> testing, fate or otherwise, that might require a native encoder.

I find it a bit offensive that people suggest to remove the encoder i
maintain.

[...]

On Mon, 4 Sep 2017 20:16:20 +0200
Michael Niedermayer <michael@niedermayer.cc> wrote:

> On Mon, Sep 04, 2017 at 02:36:45PM -0300, James Almer wrote:
> > On 9/4/2017 2:23 PM, wm4 wrote:  
> > > On Mon,  4 Sep 2017 18:11:44 +0200
> > > Michael Niedermayer <michael@niedermayer.cc> wrote:
> > >   
> > >> Fixes: Timeout
> > >> Fixes: 3142/clusterfuzz-testcase-5007853163118592
> > >>
> > >> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > >> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>  
> > > 
> > > Wasn't this patch rejected before?  
> > 
> > Ronald rejected the previous version because of the obscure error
> > messages. I suggested an alternative and Michael sent a new patch
> > following it.
> > 
> > If this is also not ok then please say so. That way the error messages
> > can be removed before pushing the patch and we can go back to focus on
> > things worth discussing.
> >   
> 
> > > 
> > > Can't we just remove this codec? It has no use other than causing
> > > potential security issues and maintenance.  
> > 
> > I agree about removing the encoder, but the decoder is needed for
> > existing streams. Unless everyone just argues it has no real world
> > samples for being an avcodec-only toy codec.
> > 
> > If you send a patch removing the encoder without also trying to remove
> > all the things that currently depend on it (One or two filters i think)
> > then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
> > testing, fate or otherwise, that might require a native encoder.  
> 
> I find it a bit offensive that people suggest to remove the encoder i
> maintain.

Can I add my own unused fringe codec with no users, as long as I
maintain it?

On 9/4/2017 3:16 PM, Michael Niedermayer wrote:
> On Mon, Sep 04, 2017 at 02:36:45PM -0300, James Almer wrote:
>> On 9/4/2017 2:23 PM, wm4 wrote:
>>> On Mon,  4 Sep 2017 18:11:44 +0200
>>> Michael Niedermayer <michael@niedermayer.cc> wrote:
>>>
>>>> Fixes: Timeout
>>>> Fixes: 3142/clusterfuzz-testcase-5007853163118592
>>>>
>>>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>>>
>>> Wasn't this patch rejected before?
>>
>> Ronald rejected the previous version because of the obscure error
>> messages. I suggested an alternative and Michael sent a new patch
>> following it.
>>
>> If this is also not ok then please say so. That way the error messages
>> can be removed before pushing the patch and we can go back to focus on
>> things worth discussing.
>>
> 
>>>
>>> Can't we just remove this codec? It has no use other than causing
>>> potential security issues and maintenance.
>>
>> I agree about removing the encoder, but the decoder is needed for
>> existing streams. Unless everyone just argues it has no real world
>> samples for being an avcodec-only toy codec.
>>
>> If you send a patch removing the encoder without also trying to remove
>> all the things that currently depend on it (One or two filters i think)
>> then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
>> testing, fate or otherwise, that might require a native encoder.
> 
> I find it a bit offensive that people suggest to remove the encoder i
> maintain.

Sending a patch to remove something can mean the start of a discussion,
and not that it will be inevitably applied.
If you don't agree with it you can argue against the patch. It's what
has happened plenty of times (There were like three attempts to remove
libmpcodecs each with its own patch before it was finally accepted by
everyone). So please, don't be offended. I'm sure plenty of people think
the redspark demuxer is a waste of bits and I wouldn't find it odd if
someone sends a patch to purge it. I would if anything argue against its
removal.

Also, this all is assuming wm4 actually sends a patch for this purpose.

Hi,

On Mon, Sep 4, 2017 at 12:11 PM, Michael Niedermayer <michael@niedermayer.cc
> wrote:

>          if(type){
> +            int ld, cbd, crd;
>              pred_mv(s, &mx, &my, 0, left, top, tr);
> -            l += get_symbol(&s->c, &s->block_state[32], 1);
> +            ld = get_symbol(&s->c, &s->block_state[32], 1);
> +            if (ld < -255 || ld > 255) {
> +                av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of range)
> intra luma block DC difference %d\n", ld);
> +                return AVERROR_INVALIDDATA;
> +            }
> +            l += ld;
>              if (s->nb_planes > 2) {
> -                cb+= get_symbol(&s->c, &s->block_state[64], 1);
> -                cr+= get_symbol(&s->c, &s->block_state[96], 1);
> +                cbd = get_symbol(&s->c, &s->block_state[64], 1);
> +                crd = get_symbol(&s->c, &s->block_state[96], 1);
> +                if (cbd < -255 || cbd > 255 || crd < -255 || crd > 255) {
> +                    av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of
> range) intra chroma block DC difference %d, %d\n", cbd, crd);
> +                    return AVERROR_INVALIDDATA;
> +                }
> +                cb += cbd;
> +                cr += crd;
>              }


I recognize the great improvements in your messages. They are much better
than before. They are still not appropriate for display to end users.
Please use ff_tlog(), as was suggested in the original thread.

Ronald

On 9/4/2017 11:00 PM, Ronald S. Bultje wrote:
> Hi,
> 
> On Mon, Sep 4, 2017 at 12:11 PM, Michael Niedermayer <michael@niedermayer.cc
>> wrote:
> 
>>          if(type){
>> +            int ld, cbd, crd;
>>              pred_mv(s, &mx, &my, 0, left, top, tr);
>> -            l += get_symbol(&s->c, &s->block_state[32], 1);
>> +            ld = get_symbol(&s->c, &s->block_state[32], 1);
>> +            if (ld < -255 || ld > 255) {
>> +                av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of range)
>> intra luma block DC difference %d\n", ld);
>> +                return AVERROR_INVALIDDATA;
>> +            }
>> +            l += ld;
>>              if (s->nb_planes > 2) {
>> -                cb+= get_symbol(&s->c, &s->block_state[64], 1);
>> -                cr+= get_symbol(&s->c, &s->block_state[96], 1);
>> +                cbd = get_symbol(&s->c, &s->block_state[64], 1);
>> +                crd = get_symbol(&s->c, &s->block_state[96], 1);
>> +                if (cbd < -255 || cbd > 255 || crd < -255 || crd > 255) {
>> +                    av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of
>> range) intra chroma block DC difference %d, %d\n", cbd, crd);
>> +                    return AVERROR_INVALIDDATA;
>> +                }
>> +                cb += cbd;
>> +                cr += crd;
>>              }
> 
> 
> I recognize the great improvements in your messages. They are much better
> than before. They are still not appropriate for display to end users.
> Please use ff_tlog(), as was suggested in the original thread.

Now that i looked at ff_tlog() closely it's only enabled if -DTRACE is
used during compilation, and then it prints stuff at the trace log
level, which is even lower than debug and used to print a bunch of
assorted values that are not error log messages.
The chances for a dev to ever use that is very low outside of very
specific cases, seeing that even a sane h264 clip will trash the
terminal with an endless amount of log lines.

So if anything, use debug level instead of error in the av_log call.

On Mon, Sep 04, 2017 at 08:35:17PM +0200, wm4 wrote:
[...]
> > > > Can't we just remove this codec? It has no use other than causing
> > > > potential security issues and maintenance.  
> > > 
> > > I agree about removing the encoder, but the decoder is needed for
> > > existing streams. Unless everyone just argues it has no real world
> > > samples for being an avcodec-only toy codec.
> > > 
> > > If you send a patch removing the encoder without also trying to remove
> > > all the things that currently depend on it (One or two filters i think)
> > > then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
> > > testing, fate or otherwise, that might require a native encoder.  
> > 
> > I find it a bit offensive that people suggest to remove the encoder i
> > maintain.
> 
> Can I add my own unused fringe codec with no users, as long as I
> maintain it?

Is there any reason to be so obsessed with snow? There are plenty of other
"fringe" codecs in the codebase that only one person in the world cared
about 10 years ago. Snow is one of the rare wavelet codecs, and as a
result is much more valuable than many random basic game flavored codecs.
And somehow, no one ever mention those.

I don't personally care about game codecs or snow myself (probably nobody
does), but I don't support this snow/swscale/whatever-michael-did killing
circle jerk. This really feels like some form of constant harassment (I'm
not even talking about IRC), and that's not acceptable.

Please people, chill out. I understand the frustration when someone
doesn't understand something that feel obvious to "everyone" and keep
insisting on it, but that doesn't mean you should enter in some form of
obsession and vengeance about anything he did/does/will do.

...aaand here I am, back in the "Insane people defending Michael all the
time" category.

Regards,

On Tue, 5 Sep 2017 10:03:11 +0200
Clément Bœsch <u@pkh.me> wrote:

> On Mon, Sep 04, 2017 at 08:35:17PM +0200, wm4 wrote:
> [...]
> > > > > Can't we just remove this codec? It has no use other than causing
> > > > > potential security issues and maintenance.    
> > > > 
> > > > I agree about removing the encoder, but the decoder is needed for
> > > > existing streams. Unless everyone just argues it has no real world
> > > > samples for being an avcodec-only toy codec.
> > > > 
> > > > If you send a patch removing the encoder without also trying to remove
> > > > all the things that currently depend on it (One or two filters i think)
> > > > then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
> > > > testing, fate or otherwise, that might require a native encoder.    
> > > 
> > > I find it a bit offensive that people suggest to remove the encoder i
> > > maintain.  
> > 
> > Can I add my own unused fringe codec with no users, as long as I
> > maintain it?  
> 
> Is there any reason to be so obsessed with snow? There are plenty of other
> "fringe" codecs in the codebase that only one person in the world cared
> about 10 years ago. Snow is one of the rare wavelet codecs, and as a
> result is much more valuable than many random basic game flavored codecs.
> And somehow, no one ever mention those.

Those game codecs have actually some use. There are files in the wild
that are available to many, and that aren't just demo/test files. But
it's true that all these game codecs bloat the codebase, cause
maintenance and security issues, and have little use. They barely have
a justification to exist too.

The only argument for snow is that it's a nice ideas. It might serve as
some proof of concept. As a real codec, it appears to be unusable.

> I don't personally care about game codecs or snow myself (probably nobody
> does), but I don't support this snow/swscale/whatever-michael-did killing
> circle jerk. This really feels like some form of constant harassment (I'm
> not even talking about IRC), and that's not acceptable.

Well, michael could just cut back on trying to force insane stuff. His
obstinate attitude to force ridiculous patches and defending them like
they're the only choice doesn't help. Even when we try to remove some
of his sins, he'll defend it to death, no matter how crazy and stupid
the code was (side data merging comes to mind).

If you feel like what I'm doing is harassment, I can end my involvement
with michael to avoid this - but only if you stop him from doing bad
things.

> Please people, chill out. I understand the frustration when someone
> doesn't understand something that feel obvious to "everyone" and keep
> insisting on it, but that doesn't mean you should enter in some form of
> obsession and vengeance about anything he did/does/will do.
> 
> ...aaand here I am, back in the "Insane people defending Michael all the
> time" category.

We don't really need more of that category.

Hi,

On Mon, Sep 4, 2017 at 10:11 PM, James Almer <jamrial@gmail.com> wrote:

> On 9/4/2017 11:00 PM, Ronald S. Bultje wrote:
> > Hi,
> >
> > On Mon, Sep 4, 2017 at 12:11 PM, Michael Niedermayer
> <michael@niedermayer.cc
> >> wrote:
> >
> >>          if(type){
> >> +            int ld, cbd, crd;
> >>              pred_mv(s, &mx, &my, 0, left, top, tr);
> >> -            l += get_symbol(&s->c, &s->block_state[32], 1);
> >> +            ld = get_symbol(&s->c, &s->block_state[32], 1);
> >> +            if (ld < -255 || ld > 255) {
> >> +                av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of range)
> >> intra luma block DC difference %d\n", ld);
> >> +                return AVERROR_INVALIDDATA;
> >> +            }
> >> +            l += ld;
> >>              if (s->nb_planes > 2) {
> >> -                cb+= get_symbol(&s->c, &s->block_state[64], 1);
> >> -                cr+= get_symbol(&s->c, &s->block_state[96], 1);
> >> +                cbd = get_symbol(&s->c, &s->block_state[64], 1);
> >> +                crd = get_symbol(&s->c, &s->block_state[96], 1);
> >> +                if (cbd < -255 || cbd > 255 || crd < -255 || crd >
> 255) {
> >> +                    av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of
> >> range) intra chroma block DC difference %d, %d\n", cbd, crd);
> >> +                    return AVERROR_INVALIDDATA;
> >> +                }
> >> +                cb += cbd;
> >> +                cr += crd;
> >>              }
> >
> >
> > I recognize the great improvements in your messages. They are much better
> > than before. They are still not appropriate for display to end users.
> > Please use ff_tlog(), as was suggested in the original thread.
>
> Now that i looked at ff_tlog() closely it's only enabled if -DTRACE is
> used during compilation, and then it prints stuff at the trace log
> level, which is even lower than debug and used to print a bunch of
> assorted values that are not error log messages.


You're right, ff_dlog() seems better (see libavcodec/internal.h).

I also agree with y'all, let's stop discussing this further, we're all
working on real, actually important stuff, this particular issue really
isn't worth our time...

Ronald

On Tue, Sep 05, 2017 at 07:13:00AM -0400, Ronald S. Bultje wrote:
> Hi,
> 
> On Mon, Sep 4, 2017 at 10:11 PM, James Almer <jamrial@gmail.com> wrote:
> 
> > On 9/4/2017 11:00 PM, Ronald S. Bultje wrote:
> > > Hi,
> > >
> > > On Mon, Sep 4, 2017 at 12:11 PM, Michael Niedermayer
> > <michael@niedermayer.cc
> > >> wrote:
> > >
> > >>          if(type){
> > >> +            int ld, cbd, crd;
> > >>              pred_mv(s, &mx, &my, 0, left, top, tr);
> > >> -            l += get_symbol(&s->c, &s->block_state[32], 1);
> > >> +            ld = get_symbol(&s->c, &s->block_state[32], 1);
> > >> +            if (ld < -255 || ld > 255) {
> > >> +                av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of range)
> > >> intra luma block DC difference %d\n", ld);
> > >> +                return AVERROR_INVALIDDATA;
> > >> +            }
> > >> +            l += ld;
> > >>              if (s->nb_planes > 2) {
> > >> -                cb+= get_symbol(&s->c, &s->block_state[64], 1);
> > >> -                cr+= get_symbol(&s->c, &s->block_state[96], 1);
> > >> +                cbd = get_symbol(&s->c, &s->block_state[64], 1);
> > >> +                crd = get_symbol(&s->c, &s->block_state[96], 1);
> > >> +                if (cbd < -255 || cbd > 255 || crd < -255 || crd >
> > 255) {
> > >> +                    av_log(s->avctx, AV_LOG_ERROR, "Invalid (Out of
> > >> range) intra chroma block DC difference %d, %d\n", cbd, crd);
> > >> +                    return AVERROR_INVALIDDATA;
> > >> +                }
> > >> +                cb += cbd;
> > >> +                cr += crd;
> > >>              }
> > >
> > >
> > > I recognize the great improvements in your messages. They are much better
> > > than before. They are still not appropriate for display to end users.
> > > Please use ff_tlog(), as was suggested in the original thread.
> >
> > Now that i looked at ff_tlog() closely it's only enabled if -DTRACE is
> > used during compilation, and then it prints stuff at the trace log
> > level, which is even lower than debug and used to print a bunch of
> > assorted values that are not error log messages.
> 
> 
> You're right, ff_dlog() seems better (see libavcodec/internal.h).

ff_dlog() is not part of a user build so a users bug report will not
contain it at any verbose / debug level.

If that is what the community wants, we can of course go that way.
My oppinion is that its a bad idea for the future maintainability
of the project to use ff_dlog() widely for error details.
But its the communities project and neither mine nor yours.
Its also the community that will have to live with the resulting
codebase and set of bug reports ...


[...]

Hi,

On Tue, Sep 5, 2017 at 7:47 PM, Michael Niedermayer <michael@niedermayer.cc>
wrote:

> ff_dlog() is not part of a user build so a users bug report will not
> contain it at any verbose / debug level.
>

That is intentional. The messages are not meant for end users, since they
are not helpful or informative for them.

Bug reports always ask for files, and therefore it will be trivial for us
as experienced developers to reproduce the bugs (which we do anyway) with a
debug build and -v debug to get the appropriate level of technical
verbosity that results in information appropriate for developers while
debugging such issues.

Ronald

On Tue, Sep 05, 2017 at 07:53:49PM -0400, Ronald S. Bultje wrote:
> Hi,
> 
> On Tue, Sep 5, 2017 at 7:47 PM, Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > ff_dlog() is not part of a user build so a users bug report will not
> > contain it at any verbose / debug level.
> >
> 
> That is intentional. The messages are not meant for end users, since they
> are not helpful or informative for them.

I think the only point we agree on is that we disagree.


> 
> Bug reports always ask for files, and therefore it will be trivial for us
> as experienced developers to reproduce the bugs (which we do anyway) with a
> debug build and -v debug to get the appropriate level of technical
> verbosity that results in information appropriate for developers while
> debugging such issues.

thanks for volunteering

[...]

On 9/5/2017 5:38 AM, wm4 wrote:
> On Tue, 5 Sep 2017 10:03:11 +0200
> Clément Bœsch <u@pkh.me> wrote:
> 
>> On Mon, Sep 04, 2017 at 08:35:17PM +0200, wm4 wrote:
>> [...]
>>>>>> Can't we just remove this codec? It has no use other than causing
>>>>>> potential security issues and maintenance.    
>>>>>
>>>>> I agree about removing the encoder, but the decoder is needed for
>>>>> existing streams. Unless everyone just argues it has no real world
>>>>> samples for being an avcodec-only toy codec.
>>>>>
>>>>> If you send a patch removing the encoder without also trying to remove
>>>>> all the things that currently depend on it (One or two filters i think)
>>>>> then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
>>>>> testing, fate or otherwise, that might require a native encoder.    
>>>>
>>>> I find it a bit offensive that people suggest to remove the encoder i
>>>> maintain.  
>>>
>>> Can I add my own unused fringe codec with no users, as long as I
>>> maintain it?  
>>
>> Is there any reason to be so obsessed with snow? There are plenty of other
>> "fringe" codecs in the codebase that only one person in the world cared
>> about 10 years ago. Snow is one of the rare wavelet codecs, and as a
>> result is much more valuable than many random basic game flavored codecs.
>> And somehow, no one ever mention those.
> 
> Those game codecs have actually some use. There are files in the wild
> that are available to many, and that aren't just demo/test files. But
> it's true that all these game codecs bloat the codebase, cause
> maintenance and security issues, and have little use. They barely have
> a justification to exist too.

Don't be one of those that go "h264/aac/mov is all ffmpeg should care
about".

> 
> The only argument for snow is that it's a nice ideas. It might serve as
> some proof of concept. As a real codec, it appears to be unusable.
> 
>> I don't personally care about game codecs or snow myself (probably nobody
>> does), but I don't support this snow/swscale/whatever-michael-did killing
>> circle jerk. This really feels like some form of constant harassment (I'm
>> not even talking about IRC), and that's not acceptable.
> 
> Well, michael could just cut back on trying to force insane stuff. His
> obstinate attitude to force ridiculous patches and defending them like
> they're the only choice doesn't help. Even when we try to remove some
> of his sins, he'll defend it to death, no matter how crazy and stupid
> the code was (side data merging comes to mind).

Seeing that stuff is effectively deprecated, i don't think he defended
it to death. Everyone argued it was a pointless feature, and he
ultimately conceded.

> 
> If you feel like what I'm doing is harassment, I can end my involvement
> with michael to avoid this - but only if you stop him from doing bad
> things.

You're very critical of all his patches. In many cases you give a
detailed technical explanation of why you disagree, but most times you
just make a snarky comment or are otherwise kinda rude.
Even when you were proven wrong (the runtime cpu flag stuff) you answer
was "Then go and rewrite the entire dsp initialization infrastructure".
What made you think that was a good reply? If anything, that's what
whoever is trying to introduce the faulty behavior should do, not him
that reported why it's faulty.

I tried to find a common ground regarding the error messages in this
thread an the other and almost got it. But then i fucked up by agreeing
with you about removing snowenc which started this stupid branch of the
discussion. So please, like Clement said, chill out. We gain nothing
with all this and lose plenty.

> 
>> Please people, chill out. I understand the frustration when someone
>> doesn't understand something that feel obvious to "everyone" and keep
>> insisting on it, but that doesn't mean you should enter in some form of
>> obsession and vengeance about anything he did/does/will do.
>>
>> ...aaand here I am, back in the "Insane people defending Michael all the
>> time" category.
> 
> We don't really need more of that category.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>

On Tue, 5 Sep 2017 22:14:39 -0300
James Almer <jamrial@gmail.com> wrote:

> On 9/5/2017 5:38 AM, wm4 wrote:
> > On Tue, 5 Sep 2017 10:03:11 +0200
> > Clément Bœsch <u@pkh.me> wrote:
> >   
> >> On Mon, Sep 04, 2017 at 08:35:17PM +0200, wm4 wrote:
> >> [...]  
> >>>>>> Can't we just remove this codec? It has no use other than causing
> >>>>>> potential security issues and maintenance.      
> >>>>>
> >>>>> I agree about removing the encoder, but the decoder is needed for
> >>>>> existing streams. Unless everyone just argues it has no real world
> >>>>> samples for being an avcodec-only toy codec.
> >>>>>
> >>>>> If you send a patch removing the encoder without also trying to remove
> >>>>> all the things that currently depend on it (One or two filters i think)
> >>>>> then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
> >>>>> testing, fate or otherwise, that might require a native encoder.      
> >>>>
> >>>> I find it a bit offensive that people suggest to remove the encoder i
> >>>> maintain.    
> >>>
> >>> Can I add my own unused fringe codec with no users, as long as I
> >>> maintain it?    
> >>
> >> Is there any reason to be so obsessed with snow? There are plenty of other
> >> "fringe" codecs in the codebase that only one person in the world cared
> >> about 10 years ago. Snow is one of the rare wavelet codecs, and as a
> >> result is much more valuable than many random basic game flavored codecs.
> >> And somehow, no one ever mention those.  
> > 
> > Those game codecs have actually some use. There are files in the wild
> > that are available to many, and that aren't just demo/test files. But
> > it's true that all these game codecs bloat the codebase, cause
> > maintenance and security issues, and have little use. They barely have
> > a justification to exist too.  
> 
> Don't be one of those that go "h264/aac/mov is all ffmpeg should care
> about".

I didn't argue that at all. I'm arguing that FFmpeg probably shouldn't
support a codec that was used by 1 or 2 released games, and for which
we can't guarantee security. Obscure features are a pretty big and
popular attack surface.

That's very different from arguing that we should drop all codecs but 3.

> > 
> > The only argument for snow is that it's a nice ideas. It might serve as
> > some proof of concept. As a real codec, it appears to be unusable.
> >   
> >> I don't personally care about game codecs or snow myself (probably nobody
> >> does), but I don't support this snow/swscale/whatever-michael-did killing
> >> circle jerk. This really feels like some form of constant harassment (I'm
> >> not even talking about IRC), and that's not acceptable.  
> > 
> > Well, michael could just cut back on trying to force insane stuff. His
> > obstinate attitude to force ridiculous patches and defending them like
> > they're the only choice doesn't help. Even when we try to remove some
> > of his sins, he'll defend it to death, no matter how crazy and stupid
> > the code was (side data merging comes to mind).  
> 
> Seeing that stuff is effectively deprecated, i don't think he defended
> it to death. Everyone argued it was a pointless feature, and he
> ultimately conceded.

He only "conceded" after I put all of my energy into it, and even then
he was letting us know that he thought side data merging was great. And
of course this whole thing was not without claiming that side data
merging was part of the ABI, which is pure BS (but he probably did that
so that I had even more work with creating separate version guards).

Shit like this happens every fucking time. I'm tired of it, so excuse
me if I sometimes get "rude".

> > 
> > If you feel like what I'm doing is harassment, I can end my involvement
> > with michael to avoid this - but only if you stop him from doing bad
> > things.  
> 
> You're very critical of all his patches. In many cases you give a
> detailed technical explanation of why you disagree, but most times you
> just make a snarky comment or are otherwise kinda rude.
> Even when you were proven wrong (the runtime cpu flag stuff) you answer

I wasn't proven wrong in this case. You can change the CPU flags at
runtime, but, as I pointed out, it obviously doesn't work if there's
anything still "running". It shows that

 1. runtime modification doesn't really work, i.e. it's an obscure case
    that didn't work before, and all the heckmeck Michael is creating
    is probably only passive aggressive BS to "prove" his point
 2. the various API to change CPU flags are a bad idea, and we should
    go into the opposite direction

It blows my mind that some developer argues FFmpeg should adapt to
runtime CPU changes. This is obviously batshit, because it's highly
complex, the rest of _all_ the code doesn't handle it, and the API is
global mutable state anyway.

Getting back to this bit:

> You're very critical of all his patches. In many cases you give a
> detailed technical explanation of why you disagree, but most times you
> just make a snarky comment or are otherwise kinda rude.

In general, Michael often tends to post new patches with exactly the
same bad issues as past patches, even though there was lengthy
discussion about them, how they were bad, and how Michael shouldn't do
that. So excuse me if I don't repeat myself every time.

We had this discussion about fine grained error messages for fuzzed
samples before too. Several times. Michael doesn't learn, or most
likely, doesn't want to learn. It's rude to ignore our comments. Why are
you complaining about me again?

> I tried to find a common ground regarding the error messages in this
> thread an the other and almost got it. But then i fucked up by agreeing
> with you about removing snowenc which started this stupid branch of the
> discussion. So please, like Clement said, chill out. We gain nothing
> with all this and lose plenty.

What could we possibly lose at this point.

On 9/6/2017 6:55 AM, wm4 wrote:
> On Tue, 5 Sep 2017 22:14:39 -0300
> James Almer <jamrial@gmail.com> wrote:
> 
>> On 9/5/2017 5:38 AM, wm4 wrote:
>>> On Tue, 5 Sep 2017 10:03:11 +0200
>>> Clément Bœsch <u@pkh.me> wrote:
>>>   
>>>> On Mon, Sep 04, 2017 at 08:35:17PM +0200, wm4 wrote:
>>>> [...]  
>>>>>>>> Can't we just remove this codec? It has no use other than causing
>>>>>>>> potential security issues and maintenance.      
>>>>>>>
>>>>>>> I agree about removing the encoder, but the decoder is needed for
>>>>>>> existing streams. Unless everyone just argues it has no real world
>>>>>>> samples for being an avcodec-only toy codec.
>>>>>>>
>>>>>>> If you send a patch removing the encoder without also trying to remove
>>>>>>> all the things that currently depend on it (One or two filters i think)
>>>>>>> then I'll +1 it. ffv1 and mpeg4 encoders are enough for any kind of
>>>>>>> testing, fate or otherwise, that might require a native encoder.      
>>>>>>
>>>>>> I find it a bit offensive that people suggest to remove the encoder i
>>>>>> maintain.    
>>>>>
>>>>> Can I add my own unused fringe codec with no users, as long as I
>>>>> maintain it?    
>>>>
>>>> Is there any reason to be so obsessed with snow? There are plenty of other
>>>> "fringe" codecs in the codebase that only one person in the world cared
>>>> about 10 years ago. Snow is one of the rare wavelet codecs, and as a
>>>> result is much more valuable than many random basic game flavored codecs.
>>>> And somehow, no one ever mention those.  
>>>
>>> Those game codecs have actually some use. There are files in the wild
>>> that are available to many, and that aren't just demo/test files. But
>>> it's true that all these game codecs bloat the codebase, cause
>>> maintenance and security issues, and have little use. They barely have
>>> a justification to exist too.  
>>
>> Don't be one of those that go "h264/aac/mov is all ffmpeg should care
>> about".
> 
> I didn't argue that at all. I'm arguing that FFmpeg probably shouldn't
> support a codec that was used by 1 or 2 released games, and for which
> we can't guarantee security. Obscure features are a pretty big and
> popular attack surface.
> 
> That's very different from arguing that we should drop all codecs but 3.
> 
>>>
>>> The only argument for snow is that it's a nice ideas. It might serve as
>>> some proof of concept. As a real codec, it appears to be unusable.
>>>   
>>>> I don't personally care about game codecs or snow myself (probably nobody
>>>> does), but I don't support this snow/swscale/whatever-michael-did killing
>>>> circle jerk. This really feels like some form of constant harassment (I'm
>>>> not even talking about IRC), and that's not acceptable.  
>>>
>>> Well, michael could just cut back on trying to force insane stuff. His
>>> obstinate attitude to force ridiculous patches and defending them like
>>> they're the only choice doesn't help. Even when we try to remove some
>>> of his sins, he'll defend it to death, no matter how crazy and stupid
>>> the code was (side data merging comes to mind).  
>>
>> Seeing that stuff is effectively deprecated, i don't think he defended
>> it to death. Everyone argued it was a pointless feature, and he
>> ultimately conceded.
> 
> He only "conceded" after I put all of my energy into it,

Nicolas and others agreed with you that it was a pointless feature.
Nobody sided with Michael's views on the feature, so it was a lost battle.

> and even then
> he was letting us know that he thought side data merging was great. And
> of course this whole thing was not without claiming that side data
> merging was part of the ABI, which is pure BS (but he probably did that
> so that I had even more work with creating separate version guards).

You have no reason to assume this kind of malice. At all.

Also, had you also removed the automated merging parts of the code
without waiting for a major bump, if a pre-removal lavf were to send a
packet to a post-removal lavc, the latter would shit the bed with all
the packets full of unexpected data it doesn't understand.
The major bump patch i sent effectively gets rid of the ABI part of this
feature as you scheduled it. It's no longer an issue.

Maybe we should just bump major versions with every release instead and
forget about backwards compatibility? libav essentially does that since
they release once a year or less often. No two of their releases share
major versions.
It would certainly get rid of a lot of headaches for us.

> 
> Shit like this happens every fucking time. I'm tired of it, so excuse
> me if I sometimes get "rude".
> 
>>>
>>> If you feel like what I'm doing is harassment, I can end my involvement
>>> with michael to avoid this - but only if you stop him from doing bad
>>> things.  
>>
>> You're very critical of all his patches. In many cases you give a
>> detailed technical explanation of why you disagree, but most times you
>> just make a snarky comment or are otherwise kinda rude.
>> Even when you were proven wrong (the runtime cpu flag stuff) you answer
> 
> I wasn't proven wrong in this case. You can change the CPU flags at
> runtime, but, as I pointed out, it obviously doesn't work if there's
> anything still "running". It shows that
> 
>  1. runtime modification doesn't really work, i.e. it's an obscure case
>     that didn't work before, and all the heckmeck Michael is creating
>     is probably only passive aggressive BS to "prove" his point

Of course it doesn't work, but nothing stops an API user to attempt it
and make things crash.

We could mention in the doxy that all these CPU flag functions should
not be used after init (Basically, call it first or call it never). That
way if the user missuses the API it's their own fucking problem.

>  2. the various API to change CPU flags are a bad idea, and we should
>     go into the opposite direction

Hendrik also agrees with you, but right now neither ffmpeg or libav have
such plans, so maybe suggest a patch or approach to start a discussion.
But personally, i find the -cpuflag option useful to test simd code as i
write it.

> 
> It blows my mind that some developer argues FFmpeg should adapt to
> runtime CPU changes. This is obviously batshit, because it's highly
> complex, the rest of _all_ the code doesn't handle it, and the API is
> global mutable state anyway.

It shouldn't. He only mentioned how volatile and prone to crashes the
potential use of the new API was.

As i said above, maybe just telling the user to refrain from doing so is
enough? We've never gone the extra mile to stop users from doing things
"wrong" by adding extra abstraction or whatever. The user is not a child.

> 
> Getting back to this bit:
> 
>> You're very critical of all his patches. In many cases you give a
>> detailed technical explanation of why you disagree, but most times you
>> just make a snarky comment or are otherwise kinda rude.
> 
> In general, Michael often tends to post new patches with exactly the
> same bad issues as past patches, even though there was lengthy
> discussion about them, how they were bad, and how Michael shouldn't do
> that. So excuse me if I don't repeat myself every time.
> 
> We had this discussion about fine grained error messages for fuzzed
> samples before too. Several times. Michael doesn't learn, or most
> likely, doesn't want to learn. It's rude to ignore our comments. Why are
> you complaining about me again?

I agree that it seems he has ignored some of the request to remove
unhelpful error messages. But i also agree with him that, currently, the
tree is littered with error messages that go "$spec_field is out of
range" or whatever, and that they have not been seen as an issue before.
He basically argues that wanting to make new ones debug level is not
consistent with the existing code, so the proper approach would be to
change all of them to debug in the long run, or keep adding new ones as
error (as long as they are at least understandable).

I personally don't care. I just want this stupid discussion about error
messages to end.

> 
>> I tried to find a common ground regarding the error messages in this
>> thread an the other and almost got it. But then i fucked up by agreeing
>> with you about removing snowenc which started this stupid branch of the
>> discussion. So please, like Clement said, chill out. We gain nothing
>> with all this and lose plenty.
> 
> What could we possibly lose at this point.

Time, patience, hair, etc. Lot of things.

On Wed, 6 Sep 2017 11:33:05 -0300
James Almer <jamrial@gmail.com> wrote:

> Also, had you also removed the automated merging parts of the code
> without waiting for a major bump, if a pre-removal lavf were to send a
> packet to a post-removal lavc, the latter would shit the bed with all
> the packets full of unexpected data it doesn't understand.

Yes, because that's such a common and well-working configuration. Only
lesser Linux distros will do this anyway, and they don't matter. How
many other changes did we make and ignore such issues completely?

You also forget that pre-bump libavformat was still supposed to generate
merged side data, because otherwise it would "break" applications. So
basically the BS was rubbed in my face.

> Maybe we should just bump major versions with every release instead and
> forget about backwards compatibility? libav essentially does that since
> they release once a year or less often. No two of their releases share
> major versions.
> It would certainly get rid of a lot of headaches for us.

Yes, it would be an improvement over doing complicated work for
absolutely no reason.

> > What could we possibly lose at this point.  
> 
> Time, patience, hair, etc. Lot of things.

I lost much of those.

Hi,

On Wed, Sep 6, 2017 at 10:33 AM, James Almer <jamrial@gmail.com> wrote:

> But i also agree with him that, currently, the
> tree is littered with error messages that go "$spec_field is out of
> range" or whatever, and that they have not been seen as an issue before.
> He basically argues that wanting to make new ones debug level is not
> consistent with the existing code, so the proper approach would be to
> change all of them to debug in the long run, or keep adding new ones as
> error (as long as they are at least understandable).


I'm happy to help replace them with ff_dlog() or remove them, for the sake
of resolving the "consistency" argument.

Why care now? I don't mind minor issues, our tree is littered with them,
but with the amount of changes Michael is making in this area, this isn't
"minor" anymore, and it's growing. It's better to resolve such issues
before it grows out of hand and we're stuck with another MpegEncContext or
DspUtil.

Ronald

On Wed, Sep 06, 2017 at 11:55:41AM +0200, wm4 wrote:
> On Tue, 5 Sep 2017 22:14:39 -0300
> James Almer <jamrial@gmail.com> wrote:
> 
> > On 9/5/2017 5:38 AM, wm4 wrote:
> > > On Tue, 5 Sep 2017 10:03:11 +0200
> > > Clément Bœsch <u@pkh.me> wrote:
> > >   
> > >> On Mon, Sep 04, 2017 at 08:35:17PM +0200, wm4 wrote:
[...]
> > > 
> > > The only argument for snow is that it's a nice ideas. It might serve as
> > > some proof of concept. As a real codec, it appears to be unusable.
> > >   
> > >> I don't personally care about game codecs or snow myself (probably nobody
> > >> does), but I don't support this snow/swscale/whatever-michael-did killing
> > >> circle jerk. This really feels like some form of constant harassment (I'm
> > >> not even talking about IRC), and that's not acceptable.  
> > > 
> > > Well, michael could just cut back on trying to force insane stuff. His
> > > obstinate attitude to force ridiculous patches and defending them like
> > > they're the only choice doesn't help. Even when we try to remove some
> > > of his sins, he'll defend it to death, no matter how crazy and stupid
> > > the code was (side data merging comes to mind).  
> > 
> > Seeing that stuff is effectively deprecated, i don't think he defended
> > it to death. Everyone argued it was a pointless feature, and he
> > ultimately conceded.
> 
> He only "conceded" after I put all of my energy into it, and even then

> he was letting us know that he thought side data merging was great.

This is a false statement about me
Its my oppinion that
side data merging gave FFmpeg a strategic advantage over Libav at
the time it was added.
Without a competition at the time i would not have supported adding
it most likely.


[...]

Iam refraining from commenting on some of the snipped aggression
above


> Getting back to this bit:
> 
> > You're very critical of all his patches. In many cases you give a
> > detailed technical explanation of why you disagree, but most times you
> > just make a snarky comment or are otherwise kinda rude.
> 
> In general, Michael often tends to post new patches with exactly the
> same bad issues as past patches, even though there was lengthy
> discussion about them, how they were bad, and how Michael shouldn't do
> that. So excuse me if I don't repeat myself every time.
> 
> We had this discussion about fine grained error messages for fuzzed
> samples before too. Several times. Michael doesn't learn, or most
> likely, doesn't want to learn. It's rude to ignore our comments. Why are
> you complaining about me again?

I think you misunderstand or at least we have a different understanding
of the situation

In FFmpeg each piece of code has a maintainer. In fact
thats true everywhere, theres always someone or more who does the work.

And in general, not specific to FFmpeg
The people doing the work most of the time have the
authority about how to do it or they tend to be paid.

In FFmpeg, the person doing the work has the final decission on how the
code is written. Within the rules of our development policy.
For snow, a few others and defacto jpeg2000 thats me

jpeg 2000 is btw a terrible codec, i would be more than happy to give
the maintainer hat to someone else.

git shortlog -sn libavcodec/jpeg2000*
   317  Michael Niedermayer
    14  Luca Barbato
     9  Carl Eugen Hoyos
     9  Hendrik Leppkes
     7  Nicolas Bertrand
     6  Vittorio Giovara
     4  James Almer
     4  Janne Grunau
     3  Diego Biurrun
     3  Ganesh Ajjanagadde
     3  Paul B Mahol
     2  Anton Khirnov
     2  Clément Bœsch
     1  Derek Buitenhuis
     1  Lou Logan
     1  Lukasz Marek
     1  Martin Storsjö
     1  Reimar Döffinger

If the mainatiner of some code has a preferrance that differs from
your preferrance thats nothing to be upset about.

And i stated repeatedly that iam happy to follow the community
preferrance.
But instead of an attempt to poll the community for everyones
preferrance. there are 3 or 4 people who keep telling me
with increased aggression to do what they say. That is with mails
worded as if there was alot of authority behind them.
I find these mails quite rude honestly. Rude toward the community and
toward me.

Thus you have the current situation where patches i write for code
maintained by people who stated they want "no error messages" to have
no such messages. (unless i forget)

And patches writen for code maintained by me and others who didnt
state anything often contain error messages. (unless i forget)

Thats not ignoring people, i try to respect everyones preferrance in
code they maintain. And i would wish they would respect mine in code
i maintain, but some dont do that.

If somone explicitly objects to a patch i have always refrained from
pushing it.

And it seems people very easily get upset if I propose changes to code
i maintain that they previously told me they dont like.
"Why" really is beyond my comperhension. Iam the one maintaining this
code, and even have only proposed the changes in a posted patch.


> 
> > I tried to find a common ground regarding the error messages in this
> > thread an the other and almost got it. But then i fucked up by agreeing
> > with you about removing snowenc which started this stupid branch of the
> > discussion. So please, like Clement said, chill out. We gain nothing
> > with all this and lose plenty.
> 
> What could we possibly lose at this point.

a lot
anger and hostility rarely leads to good things



[...]