[Ffmpeg-devel] h264 decoder bug

Guillaume POIRIER poirierg
Wed Aug 16 15:20:26 CEST 2006


On 8/16/06, Cameron Alderton <c.alderton at indigovision.com> wrote:
> There is a nasty little bug in h264.c.
>
> In function decode_residual(), the variable total_coeff is assigned through
> a call to pred_non_zero_count() which limits the return value to a maximum
> of 31, however the variable total_coeff is then used to access the elements
> in the coeff_token_table_index array which only contains 16 items. As you
> would expect, this causes a crash.

Do you have an H.264 sample that allows reproducing the crash?
If so, can you upload it to ftp://ftp.mplayerhq.hu/MPlayer/incoming/ ?

Guillaume
-- 
A thing is not necessarily true because a man dies for it.
-- Oscar Wilde
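
The mismatch described in the quoted report (a predictor that can return up to 31 used to index a 16-entry table), shown with a checked lookup. This is an added example, not code from h264.c or from either poster; the table values, the averaging formula in predict_count() and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the 16-entry index table named in the report.
   The values are illustrative, not FFmpeg's. */
#define TABLE_LEN 16
static const uint8_t token_table_index[TABLE_LEN] = {
    0, 0, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3
};

/* Hypothetical predictor: the report only says the result is capped at 31.
   Averaging two neighbour counts is an assumption used to get sample values. */
static int predict_count(int left, int top)
{
    int sum = left + top;
    if (sum < 64)
        sum = (sum + 1) >> 1;
    return sum & 31;            /* range 0..31, wider than the table */
}

/* Checked lookup: 0 on success with *out set, -1 when the index is outside
   the table, so the caller can reject the data instead of reading past it. */
static int lookup_table_index(int total_coeff, uint8_t *out)
{
    if (total_coeff < 0 || (size_t)total_coeff >= TABLE_LEN)
        return -1;
    *out = token_table_index[total_coeff];
    return 0;
}

int main(void)
{
    /* Constructed neighbour counts: one benign pair, two that overshoot. */
    const int samples[3][2] = { {4, 5}, {16, 16}, {31, 31} };
    for (size_t i = 0; i < 3; i++) {
        uint8_t idx = 0;
        int tc = predict_count(samples[i][0], samples[i][1]);
        if (lookup_table_index(tc, &idx) < 0)
            printf("total_coeff=%d rejected (table has %d entries)\n", tc, TABLE_LEN);
        else
            printf("total_coeff=%d -> table %d\n", tc, (int)idx);
    }
    return 0;
}
```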
