From patchwork Fri Mar  8 14:15:40 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Lynne <dev@lynne.ee>
X-Patchwork-Id: 12258
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 9D214449083
	for <patchwork@ffaux-bg.ffmpeg.org>;
	Fri,  8 Mar 2019 16:15:46 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 77A6968A67C;
	Fri,  8 Mar 2019 16:15:46 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from w4.tutanota.de (w4.tutanota.de [81.3.6.165])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0CA08689BFE
	for <ffmpeg-devel@ffmpeg.org>; Fri,  8 Mar 2019 16:15:40 +0200 (EET)
Received: from w2.tutanota.de (unknown [192.168.1.163])
	by w4.tutanota.de (Postfix) with ESMTP id 4F9931060278
	for <ffmpeg-devel@ffmpeg.org>; Fri,  8 Mar 2019 14:15:40 +0000 (UTC)
Date: Fri, 8 Mar 2019 15:15:40 +0100 (CET)
From: Lynne <dev@lynne.ee>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <L_SeCLv--3-1@lynne.ee>
In-Reply-To: <20190307212211.GO3501@michaelspb>
References: <L_OP1bH--3-1@lynne.ee> <<L_OP1bH--3-1@lynne.ee>>
	<20190307212211.GO3501@michaelspb>
MIME-Version: 1.0
Subject: Re: [FFmpeg-devel] [PATCH] pngdec: add ability to check chunk CRC
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

7 Mar 2019, 21:22 by michael@niedermayer.cc:

> On Thu, Mar 07, 2019 at 07:26:32PM +0100, Lynne wrote:
>
>> By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder
>> will skip the chunk and carry on with the next one. This should make the       
>> decoder able to decode more corrupt files because the functions which decode
>> individual chunks will very likely error out if fed invalid data and stop the
>> decoding of the entire image.
>> Should this be made default? CRC verification doesn't take long even for very
>> large files.                                                      
>> Also fix the length check for chunk size. It needs to take into account the
>> 4 byte tag as well as the 4 byte CRC.
>>
>> pngdec.c |   19 ++++++++++++++++++-
>>  1 file changed, 18 insertions(+), 1 deletion(-)
>> 4255c91468cee2bc2fa757fae69762ff5ee5774a  0001-pngdec-add-ability-to-check-chunk-CRC.patch
>> From 7aff99d12faf557753c5ee860a9672c7a09a26e3 Mon Sep 17 00:00:00 2001
>> From: Lynne <>> dev@lynne.ee <mailto:dev@lynne.ee>>> >
>> Date: Thu, 7 Mar 2019 18:15:23 +0000
>> Subject: [PATCH] pngdec: add ability to check chunk CRC
>>
>> By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder
>> will skip the chunk and carry on with the next one. This should make the
>> decoder able to decode more corrupt files because the functions which decode
>> individual chunks will very likely error out if fed invalid data and stop the
>> decoding of the entire image.
>> Should this be made default? CRC verification doesn't take long even for very
>> large files.
>>
>
> i would tend toward enabling it by default but maybe first post some
> numbers of how much this changes decode time 
>

For the largest png I found: https://vk.com/doc218587497_437472325?hash=51300ca9ba40f462ac&dl=1bcf9a57b0d989da1f <https://vk.com/doc218587497_437472325?hash=51300ca9ba40f462ac&dl=1bcf9a57b0d989da1f>

There was no increase in decoding time, it took 2.3 seconds on my machine
with and without -err_detect crccheck.

With -err_detect crccheck perf reported 2.52% spent in av_crc


>> Also fix the length check for chunk size. It needs to take into account the
>> 4 byte tag as well as the 4 byte CRC.
>>
>
> this should be a seperate patch as its unrelated
>

removed and attached new patch file

Maybe always enabling the CRC check isn't worth it since if you download from
the internet you could either get a full error-free file or an incomplete one
rather than a corrupt one. Maybe only for torrents with huge png files where
not all chunks have been downloaded yet, or broken hard drives, but the ignore_err
flag could be manually enabled in those cases.

From b911d3cb36828ad3c910ca6bf8b96a58ce398191 Mon Sep 17 00:00:00 2001
From: Lynne <dev@lynne.ee>
Date: Thu, 7 Mar 2019 18:15:23 +0000
Subject: [PATCH] pngdec: add ability to check chunk CRC

By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder
will skip the chunk and carry on with the next one. This should make the
decoder able to decode more corrupt files because the functions which decode
individual chunks will very likely error out if fed invalid data and stop the
decoding of the entire image.
---
 libavcodec/pngdec.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 189bb9a4c1..9743f1cb76 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -23,6 +23,7 @@
 
 #include "libavutil/avassert.h"
 #include "libavutil/bprint.h"
+#include "libavutil/crc.h"
 #include "libavutil/imgutils.h"
 #include "libavutil/stereo3d.h"
 #include "libavutil/mastering_display_metadata.h"
@@ -1169,6 +1170,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s,
 static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
                                AVFrame *p, AVPacket *avpkt)
 {
+    const AVCRC *crc_tab = av_crc_get_table(AV_CRC_32_IEEE_LE);
     AVDictionary **metadatap = NULL;
     uint32_t tag, length;
     int decode_next_dat = 0;
@@ -1203,6 +1205,21 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
             ret = AVERROR_INVALIDDATA;
             goto fail;
         }
+        if (avctx->err_recognition & (AV_EF_CRCCHECK | AV_EF_IGNORE_ERR)) {
+            uint32_t crc_sig = AV_RB32(s->gb.buffer + length + 4);
+            uint32_t crc_cal = ~av_crc(crc_tab, UINT32_MAX, s->gb.buffer, length + 4);
+            if (crc_sig ^ crc_cal) {
+                av_log(avctx, AV_LOG_ERROR, "CRC mismatch in chunk");
+                if (avctx->err_recognition & AV_EF_EXPLODE) {
+                    av_log(avctx, AV_LOG_ERROR, ", quitting\n");
+                    ret = AVERROR_INVALIDDATA;
+                    goto fail;
+                }
+                av_log(avctx, AV_LOG_ERROR, ", skipping\n");
+                bytestream2_skip(&s->gb, 4); /* tag */
+                goto skip_tag;
+            }
+        }
         tag = bytestream2_get_le32(&s->gb);
         if (avctx->debug & FF_DEBUG_STARTCODE)
             av_log(avctx, AV_LOG_DEBUG, "png: tag=%s length=%u\n",
-- 
2.21.0