| 1 |
On Mon, 11 Feb 2013 12:25:36 +0100 |
| 2 |
Luca Barbato <lu_zero@g.o> wrote: |
| 3 |
|
| 4 |
> On 11/02/13 03:01, Alexis Ballier wrote: |
| 5 |
> > Sorry, I was away this week end... |
| 6 |
> |
| 7 |
> Not a problem, I should be reachable anytime today. |
| 8 |
> |
| 9 |
|
| 10 |
Will ping you. |
| 11 |
|
| 12 |
> > This is only because libav people do not care at all about what |
| 13 |
> > FFmpeg defines, while FFmpeg seems to care more about its consumers |
| 14 |
> > and users by trying to provide a compatible ABI and API. |
| 15 |
> |
| 16 |
> The reasons about that could be multiple, the facts are those. If you |
| 17 |
> want you application to run in both you pick the Libav API. |
| 18 |
|
| 19 |
Well, then this raises the question: If libav does not care about what |
| 20 |
is done around it, why should we care about libav? |
| 21 |
|
| 22 |
> > Moreover, this is not |
| 23 |
> > true at all when it comes to the parts where supporting both forks |
| 24 |
> > is painful: libavfilter and audio resampling. It is pretty clear |
| 25 |
> > that the audio resampling wheel was reinvented on the libav part, |
| 26 |
> > with a different library name and in 95% of its use cases going |
| 27 |
> > from ffmpeg's audio resampling to libav's is mainly a matter of |
| 28 |
> > 'sed s/swr/avr/'. |
| 29 |
> |
| 30 |
> Not really, the resample library idea was brewing for long even |
| 31 |
> pre-fork, it got released first on FFmpeg because there is this |
| 32 |
> bulimic tendency to add more features in order to be compelling in |
| 33 |
> FFmpeg. |
| 34 |
|
| 35 |
There was a need for it, FFmpeg made it available with 0.10, one year |
| 36 |
before libav-9. Why not re-using libswr into libav, possibly reworking |
| 37 |
it entirely but offering a compatible API? This all sounded to me like |
| 38 |
'we do not care, users and applications can take the mess, it is not |
| 39 |
our problem'. |
| 40 |
There is a problem we are facing today: Some audio decoders started to |
| 41 |
output planar audio when historically ffmpeg/libav audio decoders |
| 42 |
produced only iterleaved audio, how do you suggest to fix this in |
| 43 |
applications? Manually converting planar audio to interleaved (ala |
| 44 |
mplayer)? This does not seem very future-proof, this will have to be |
| 45 |
adapted everytime a new format is added (which will not change lib |
| 46 |
major and thus break application at runtime for poor usage of the |
| 47 |
provided API). Or maybe use a library as a fallback that ensures you it |
| 48 |
will be able to convert any audio format produced by ffmpeg/libav to |
| 49 |
what you need (ala xbmc)? Which one to chose? If I want to support |
| 50 |
ffmpeg then I have to use libswr, because that is the one that has this |
| 51 |
property; If I want to support libav, then I have to use libavr... All |
| 52 |
of this because ~10 people cannot work together, well, really, thank |
| 53 |
you :) |
| 54 |
|
| 55 |
|
| 56 |
> I said already what happened when I started to develop the pulse |
| 57 |
> capture and the generic segmenter in my github as another example of |
| 58 |
> stuff developed by unrelated people and curiously landing before |
| 59 |
> deemed ready by the author in ffmpeg git. (prores could be considered |
| 60 |
> yet another funny example). |
| 61 |
|
| 62 |
Can you point out any important problem? Otherwise, this is simply |
| 63 |
how open source work: this has been published with a free enough |
| 64 |
license, if I were working on these parts I'd not start from scratch |
| 65 |
but from the code available to me... If you want to avoid this, don't |
| 66 |
publish it or publish it with a restrictive license and relicense your |
| 67 |
code once pushing to libav. |
| 68 |
Another funny example are the multithreaded decoders (ffmpeg-mt), |
| 69 |
which was one of the main publicity material at the beginning of libav, |
| 70 |
and suffered from numerous problems in the early days... nevertheless it |
| 71 |
was merged by libav. You are criticizing something that has been done on |
| 72 |
both sides :) |
| 73 |
|
| 74 |
> > Some parts of libavfilter also appeared later in libav, sometimes |
| 75 |
> > with a slightly different API, making it really awful to support |
| 76 |
> > both forks in applications. |
| 77 |
> |
| 78 |
> libavfilter is deemed still not ready for general consumption in Libav |
| 79 |
> and just the set of calls that won't change (hopefully) in the future |
| 80 |
> are provided. Meanwhile we are trying to make the whole buffer |
| 81 |
> management less copy-happy and a little more rational. |
| 82 |
> |
| 83 |
> (not sure if you tried to use libavfilter but it is a _bit_ hard to |
| 84 |
> use if compared to vlc filter layer and such) |
| 85 |
|
| 86 |
Yes, well, if forces were not scattered due to the split then I'm |
| 87 |
pretty sure libavfilter would be in a much better state. IIRC, ffmpeg's |
| 88 |
libavfilter is much more 'copy-less' than current libav's version. |
| 89 |
|
| 90 |
[...] |
| 91 |
> > It is funny to see how libav ignores completely ffmpeg even for |
| 92 |
> > bugfixes, I stumbled over this recently and it sounded familiar: |
| 93 |
> > http://git.libav.org/?p=libav.git;a=commitdiff;h=89f11f498b9c15bc71494a11a7ec560f4adf630d |
| 94 |
> > vs |
| 95 |
> > http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1af91978dbab35ba9fdede187577c00d643ae33b |
| 96 |
> > now, you can look at the dates, there's a one year lag in libav for |
| 97 |
> > reinventing the same bugfix. This is for a format almost nobody |
| 98 |
> > uses, but in any case I do not consider this attitude sane. |
| 99 |
> |
| 100 |
> Nobody is perfect and not everybody has the time to track another |
| 101 |
> project tree every day. |
| 102 |
|
| 103 |
As a Gentoo developer, if you notice a bug in a package, usually the |
| 104 |
first thing you do is pull upstream's trunk repo and see if there is a |
| 105 |
fix available. If you don't do that, you may just be wasting your time. |
| 106 |
Maybe if the time spent reinventing the wheel was spent more |
| 107 |
efficiently by looking at what is done in FFmpeg, then more important |
| 108 |
improvements could be achieved... |
| 109 |
|
| 110 |
> >> and a bit more tested over a wider range of architectures. |
| 111 |
> > |
| 112 |
> > If you are talking about fate, then I cannot comment. fate started |
| 113 |
> > before the split, so I assume the owners of said test machines took |
| 114 |
> > them within their respective fork. |
| 115 |
> |
| 116 |
> That speaks a *bit* about the general support maybe? |
| 117 |
|
| 118 |
fate is quite complete on the ffmpeg side too. For me, this speaks more |
| 119 |
about a useless scattering of forces than anything else... |
| 120 |
|
| 121 |
> > I fully agree there, but you should be careful with who you include |
| 122 |
> > in 'our'. In the case of a default then it is clearly 'the users'. |
| 123 |
> > Now, considering there are a couple (very few) of packages that do |
| 124 |
> > not compile with libav, do you consider having it as default a good |
| 125 |
> > idea? |
| 126 |
> |
| 127 |
> I have no opinion, I stayed out of the discussion and decision about |
| 128 |
> that before because I know I have a bias. I let other people decide. |
| 129 |
|
| 130 |
Note: If pro-libav people would be doing the work of fixing the tree |
| 131 |
and ensuring *everything* works with libav I would not mind at all what |
| 132 |
the default is. So far, I have been doing most of the porting work |
| 133 |
since years, there are packages still not working with libav-0.8, the |
| 134 |
introduction of some libav stuff in the tree caused problems |
| 135 |
(virtual/ffmpeg, libpostproc; nothing inherent to libav, its just it |
| 136 |
was poorly done), there are still numerous patches to support libav |
| 137 |
(mainly because of some libavutil headers missing). I consider FFmpeg |
| 138 |
superior, but can understand there are different opinions, however, if |
| 139 |
this is to lower the tree quality then it is obvious libav shouldn't be |
| 140 |
the default. |
| 141 |
|
| 142 |
> > Those packages can very well be fixed, but if patches do not go |
| 143 |
> > upstream, this is not going to work in the long term. Also, the only |
| 144 |
> > reason why I have not pinned those packages to depend only on |
| 145 |
> > media-video/ffmpeg is because libav is not the default (not entirely |
| 146 |
> > true btw, see later), meaning those that use libav are those that |
| 147 |
> > are willing to help and know what they are doing. If people are to |
| 148 |
> > get libav by default and then hit compile failures to be told to use |
| 149 |
> > ffmpeg, then it is QA 101 that these packages should be depending on |
| 150 |
> > media-video/ffmpeg. |
| 151 |
> |
| 152 |
> You can, if you really want, offset ffmpeg so it doesn't clash with |
| 153 |
> Libav. |
| 154 |
|
| 155 |
Ahahah :) Or maybe, despite the claims of some libav devs, libav should |
| 156 |
realize they are the actual fork (this is now pretty clear since the |
| 157 |
takeover failed and ffmpeg didn't collapse...) and also rename their |
| 158 |
libraries so that the internal libav/ffmpeg fights would not affect |
| 159 |
their users anymore and projects could use what they think best... |
| 160 |
|
| 161 |
|
| 162 |
[...] |
| 163 |
> > Probably true, but I still consider a quick fix disabling the |
| 164 |
> > vulnerability to be released quickly is a good thing. |
| 165 |
> |
| 166 |
> No, it is in general a really stupid idea. You are basically telling |
| 167 |
> the interested attackers where the problem is. Then the attacker does |
| 168 |
> +1 and you have your new, freshly installed application compromised. |
| 169 |
> |
| 170 |
> It is the _worst_ possible service you could do. |
| 171 |
> |
| 172 |
> Think about a random rpc system with 4 calls that are similar and go |
| 173 |
> down the same codepaths, some fuzzer discovers that sending a message |
| 174 |
> with a certain shape let you crash the application. |
| 175 |
> |
| 176 |
> The fix pushed and published with much fanfare is "if $shape then |
| 177 |
> error" for that specific rpc call. |
| 178 |
> Pity that that similar shapes would crash the other rpc calls, thus |
| 179 |
> anybody with interest in crashing the application have a good example |
| 180 |
> on how to do that. |
| 181 |
> |
| 182 |
> Unrelated to the discussion please do not do that in any project you |
| 183 |
> contribute. It is that _bad_ |
| 184 |
|
| 185 |
Fully agree, but a quick fix can very well be 'if overflow then error' |
| 186 |
on the common code path, disabling completely the vulnerability while |
| 187 |
likely rejecting valid requests too (that never worked) and then a |
| 188 |
complete fix would be to rework the code so that there cannot be an |
| 189 |
overflow... |
| 190 |
|
| 191 |
Alexis. |
Archives