Opened 2 years ago

Closed 22 months ago

#1554 closed defect (fixed)

Decoder accesses deleted SPS decoding Multilayer stream

Reported by: nikolai.shostak Owned by:
Priority: minor Milestone:
Component: VTM Version: VTM-16.0
Keywords: Cc: ksuehring, XiangLi, fbossen, jvet@…

Description

When decoder flushes reconstructed frame to a file in xFlushOutput() it uses chroma format from SPS pointer which may be deleted

            const SPS* sps = pcPic->cs->sps; // <- may be dangling
            ChromaFormat chromaFormatIDC = sps->getChromaFormatIdc();

Pre-condictions:

  • 2 layers
  • 2 OLSs, both layers are output layers for second OLS
  • targetOlsIdx = 1
  • both layers are All Intra (all pictures are IDR)
  • each layer refers to it's own SPS (say SPS0 and SPS1)
  • SPSs with the same IDs are signalled with every picture
  • SPSs content changes (legit since it is a new CVS)
  • dpb_max_dec_pic_buffering_minus1 > 1

dpb_max_num_reorder_pics > 1

What happens:

AU0:

  • SPS0 for layer0 is activated
  • PU0 for layer0 is decoded
  • but not outputted via xWriteOutput() because of - dpb_max_dec_pic_buffering_minus1 > 1 and dpb_max_num_reorder_pics > 1
  • SPS1 for layer1 is activated, SPS0 is deactivated but not deleted yet
  • PU0 for layer1 is decoded
  • but again not outputted via xWriteOutput()

AU1:

  • SPS0 for layer0 is found and it is different from the old one
  • old SPS0 is deleted (since it is not among active SPSs and therefore not swapped into m_lastActiveParameterSet)
  • new SPS0 is activated
  • since PU1 is IDR, xFlushOutput() is called
  • in xFlushOutput(): pcPic->cs->sps which refers to deleted SPS0 is accessed

This doesn't happend with single-layer All Intra because life-time of deleted SPS is extended by swap with m_lastActiveParameterSet. SPS lives long enough to safely flush picture to a file.

Ultimate fix is to use std::shared_ptr for SPS and PPS in CodingStructure instead of raw pointers.

Also possible fix could be to save chromaFormatIDC inside Picture object and use it in xFlushOutput().

Problem is that it is not enough when option "--UpscaledOutput" is used. In this case decoder needs some other parameters from potentially dangling SPS and PPS.

PS. I re-opened https://jvet.hhi.fraunhofer.de/trac/vvc/ticket/1553 for correct "component", since trac seems not to update CC list after editing "component" of existing ticket

Change history (3)

comment:1 Changed 2 years ago by nikolai.shostak

Ticket #1553 has been marked as a duplicate of this ticket.

comment:2 Changed 23 months ago by nikolai.shostak

MR https://vcgit.hhi.fraunhofer.de/jvet/VVCSoftware_VTM/-/merge_requests/2235

Temporary workaround for the issue.

Please let me known if it is acceptable way to fix it.

comment:3 Changed 22 months ago by nikolai.shostak

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.