1 |
On Mon, 11 Feb 2013 12:25:36 +0100 |
2 |
Luca Barbato <lu_zero@g.o> wrote: |
3 |
|
4 |
> On 11/02/13 03:01, Alexis Ballier wrote: |
5 |
> > Sorry, I was away this week end... |
6 |
> |
7 |
> Not a problem, I should be reachable anytime today. |
8 |
> |
9 |
|
10 |
Will ping you. |
11 |
|
12 |
> > This is only because libav people do not care at all about what |
13 |
> > FFmpeg defines, while FFmpeg seems to care more about its consumers |
14 |
> > and users by trying to provide a compatible ABI and API. |
15 |
> |
16 |
> The reasons about that could be multiple, the facts are those. If you |
17 |
> want you application to run in both you pick the Libav API. |
18 |
|
19 |
Well, then this raises the question: If libav does not care about what |
20 |
is done around it, why should we care about libav? |
21 |
|
22 |
> > Moreover, this is not |
23 |
> > true at all when it comes to the parts where supporting both forks |
24 |
> > is painful: libavfilter and audio resampling. It is pretty clear |
25 |
> > that the audio resampling wheel was reinvented on the libav part, |
26 |
> > with a different library name and in 95% of its use cases going |
27 |
> > from ffmpeg's audio resampling to libav's is mainly a matter of |
28 |
> > 'sed s/swr/avr/'. |
29 |
> |
30 |
> Not really, the resample library idea was brewing for long even |
31 |
> pre-fork, it got released first on FFmpeg because there is this |
32 |
> bulimic tendency to add more features in order to be compelling in |
33 |
> FFmpeg. |
34 |
|
35 |
There was a need for it, FFmpeg made it available with 0.10, one year |
36 |
before libav-9. Why not re-using libswr into libav, possibly reworking |
37 |
it entirely but offering a compatible API? This all sounded to me like |
38 |
'we do not care, users and applications can take the mess, it is not |
39 |
our problem'. |
40 |
There is a problem we are facing today: Some audio decoders started to |
41 |
output planar audio when historically ffmpeg/libav audio decoders |
42 |
produced only iterleaved audio, how do you suggest to fix this in |
43 |
applications? Manually converting planar audio to interleaved (ala |
44 |
mplayer)? This does not seem very future-proof, this will have to be |
45 |
adapted everytime a new format is added (which will not change lib |
46 |
major and thus break application at runtime for poor usage of the |
47 |
provided API). Or maybe use a library as a fallback that ensures you it |
48 |
will be able to convert any audio format produced by ffmpeg/libav to |
49 |
what you need (ala xbmc)? Which one to chose? If I want to support |
50 |
ffmpeg then I have to use libswr, because that is the one that has this |
51 |
property; If I want to support libav, then I have to use libavr... All |
52 |
of this because ~10 people cannot work together, well, really, thank |
53 |
you :) |
54 |
|
55 |
|
56 |
> I said already what happened when I started to develop the pulse |
57 |
> capture and the generic segmenter in my github as another example of |
58 |
> stuff developed by unrelated people and curiously landing before |
59 |
> deemed ready by the author in ffmpeg git. (prores could be considered |
60 |
> yet another funny example). |
61 |
|
62 |
Can you point out any important problem? Otherwise, this is simply |
63 |
how open source work: this has been published with a free enough |
64 |
license, if I were working on these parts I'd not start from scratch |
65 |
but from the code available to me... If you want to avoid this, don't |
66 |
publish it or publish it with a restrictive license and relicense your |
67 |
code once pushing to libav. |
68 |
Another funny example are the multithreaded decoders (ffmpeg-mt), |
69 |
which was one of the main publicity material at the beginning of libav, |
70 |
and suffered from numerous problems in the early days... nevertheless it |
71 |
was merged by libav. You are criticizing something that has been done on |
72 |
both sides :) |
73 |
|
74 |
> > Some parts of libavfilter also appeared later in libav, sometimes |
75 |
> > with a slightly different API, making it really awful to support |
76 |
> > both forks in applications. |
77 |
> |
78 |
> libavfilter is deemed still not ready for general consumption in Libav |
79 |
> and just the set of calls that won't change (hopefully) in the future |
80 |
> are provided. Meanwhile we are trying to make the whole buffer |
81 |
> management less copy-happy and a little more rational. |
82 |
> |
83 |
> (not sure if you tried to use libavfilter but it is a _bit_ hard to |
84 |
> use if compared to vlc filter layer and such) |
85 |
|
86 |
Yes, well, if forces were not scattered due to the split then I'm |
87 |
pretty sure libavfilter would be in a much better state. IIRC, ffmpeg's |
88 |
libavfilter is much more 'copy-less' than current libav's version. |
89 |
|
90 |
[...] |
91 |
> > It is funny to see how libav ignores completely ffmpeg even for |
92 |
> > bugfixes, I stumbled over this recently and it sounded familiar: |
93 |
> > http://git.libav.org/?p=libav.git;a=commitdiff;h=89f11f498b9c15bc71494a11a7ec560f4adf630d |
94 |
> > vs |
95 |
> > http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1af91978dbab35ba9fdede187577c00d643ae33b |
96 |
> > now, you can look at the dates, there's a one year lag in libav for |
97 |
> > reinventing the same bugfix. This is for a format almost nobody |
98 |
> > uses, but in any case I do not consider this attitude sane. |
99 |
> |
100 |
> Nobody is perfect and not everybody has the time to track another |
101 |
> project tree every day. |
102 |
|
103 |
As a Gentoo developer, if you notice a bug in a package, usually the |
104 |
first thing you do is pull upstream's trunk repo and see if there is a |
105 |
fix available. If you don't do that, you may just be wasting your time. |
106 |
Maybe if the time spent reinventing the wheel was spent more |
107 |
efficiently by looking at what is done in FFmpeg, then more important |
108 |
improvements could be achieved... |
109 |
|
110 |
> >> and a bit more tested over a wider range of architectures. |
111 |
> > |
112 |
> > If you are talking about fate, then I cannot comment. fate started |
113 |
> > before the split, so I assume the owners of said test machines took |
114 |
> > them within their respective fork. |
115 |
> |
116 |
> That speaks a *bit* about the general support maybe? |
117 |
|
118 |
fate is quite complete on the ffmpeg side too. For me, this speaks more |
119 |
about a useless scattering of forces than anything else... |
120 |
|
121 |
> > I fully agree there, but you should be careful with who you include |
122 |
> > in 'our'. In the case of a default then it is clearly 'the users'. |
123 |
> > Now, considering there are a couple (very few) of packages that do |
124 |
> > not compile with libav, do you consider having it as default a good |
125 |
> > idea? |
126 |
> |
127 |
> I have no opinion, I stayed out of the discussion and decision about |
128 |
> that before because I know I have a bias. I let other people decide. |
129 |
|
130 |
Note: If pro-libav people would be doing the work of fixing the tree |
131 |
and ensuring *everything* works with libav I would not mind at all what |
132 |
the default is. So far, I have been doing most of the porting work |
133 |
since years, there are packages still not working with libav-0.8, the |
134 |
introduction of some libav stuff in the tree caused problems |
135 |
(virtual/ffmpeg, libpostproc; nothing inherent to libav, its just it |
136 |
was poorly done), there are still numerous patches to support libav |
137 |
(mainly because of some libavutil headers missing). I consider FFmpeg |
138 |
superior, but can understand there are different opinions, however, if |
139 |
this is to lower the tree quality then it is obvious libav shouldn't be |
140 |
the default. |
141 |
|
142 |
> > Those packages can very well be fixed, but if patches do not go |
143 |
> > upstream, this is not going to work in the long term. Also, the only |
144 |
> > reason why I have not pinned those packages to depend only on |
145 |
> > media-video/ffmpeg is because libav is not the default (not entirely |
146 |
> > true btw, see later), meaning those that use libav are those that |
147 |
> > are willing to help and know what they are doing. If people are to |
148 |
> > get libav by default and then hit compile failures to be told to use |
149 |
> > ffmpeg, then it is QA 101 that these packages should be depending on |
150 |
> > media-video/ffmpeg. |
151 |
> |
152 |
> You can, if you really want, offset ffmpeg so it doesn't clash with |
153 |
> Libav. |
154 |
|
155 |
Ahahah :) Or maybe, despite the claims of some libav devs, libav should |
156 |
realize they are the actual fork (this is now pretty clear since the |
157 |
takeover failed and ffmpeg didn't collapse...) and also rename their |
158 |
libraries so that the internal libav/ffmpeg fights would not affect |
159 |
their users anymore and projects could use what they think best... |
160 |
|
161 |
|
162 |
[...] |
163 |
> > Probably true, but I still consider a quick fix disabling the |
164 |
> > vulnerability to be released quickly is a good thing. |
165 |
> |
166 |
> No, it is in general a really stupid idea. You are basically telling |
167 |
> the interested attackers where the problem is. Then the attacker does |
168 |
> +1 and you have your new, freshly installed application compromised. |
169 |
> |
170 |
> It is the _worst_ possible service you could do. |
171 |
> |
172 |
> Think about a random rpc system with 4 calls that are similar and go |
173 |
> down the same codepaths, some fuzzer discovers that sending a message |
174 |
> with a certain shape let you crash the application. |
175 |
> |
176 |
> The fix pushed and published with much fanfare is "if $shape then |
177 |
> error" for that specific rpc call. |
178 |
> Pity that that similar shapes would crash the other rpc calls, thus |
179 |
> anybody with interest in crashing the application have a good example |
180 |
> on how to do that. |
181 |
> |
182 |
> Unrelated to the discussion please do not do that in any project you |
183 |
> contribute. It is that _bad_ |
184 |
|
185 |
Fully agree, but a quick fix can very well be 'if overflow then error' |
186 |
on the common code path, disabling completely the vulnerability while |
187 |
likely rejecting valid requests too (that never worked) and then a |
188 |
complete fix would be to rework the code so that there cannot be an |
189 |
overflow... |
190 |
|
191 |
Alexis. |