[PATCH] Re: [Ffmpeg-devel] FFmpeg: H.264 decoding issue

Michael Niedermayer michaelni
Wed Feb 21 19:43:17 CET 2007


Hi

On Wed, Feb 21, 2007 at 01:53:29PM +0100, Matthias Hopf wrote:
> Hey,
> 
> On Feb 20, 07 19:57:46 +0100, Michael Niedermayer wrote:
> > > Index: libavcodec/utils.c
> > > ===================================================================
> > > --- libavcodec/utils.c	(revision 8020)
> > > +++ libavcodec/utils.c	(working copy)
> > > @@ -278,7 +278,7 @@
> > >  
> > >          if(!(s->flags&CODEC_FLAG_EMU_EDGE)){
> > >              w+= EDGE_WIDTH*2;
> > > -            h+= EDGE_WIDTH*2;
> > > +            h+= EDGE_WIDTH*2+1;		// +1 for potential interlace (MPV_frame_start)
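Review bot: the `+1` on the `h+= EDGE_WIDTH*2+1;` line sits inside the `if(!(s->flags&CODEC_FLAG_EMU_EDGE))` branch, so the extra row is only allocated when that flag is clear. If the interlace case named in the comment does not depend on that flag, the padding belongs outside the branch. The comment should also state why a single extra row is sufficient, since the constant is otherwise unexplained. The trailing `//` comment is separated by tabs where the surrounding lines use spaces.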
> > 
> > why?
> 
> MPV_frame_start:
> 
>     if(s->picture_structure!=PICT_FRAME){
>         int i;
>         for(i=0; i<4; i++){
>             if(s->picture_structure == PICT_BOTTOM_FIELD){
>                  s->current_picture.data[i] += s->current_picture.linesize[i];
>             }
>             s->current_picture.linesize[i] *= 2;
>             s->last_picture.linesize[i] *=2;
>             s->next_picture.linesize[i] *=2;
>         }
>     }
> 
> If the frames are still used in a progressive fashion afterwards (e.g.
> because PAFF isn't implemented), a buffer overflow occurs.

if the headers in h.264 say PAFF then the damn decoder should return -1
not set picture_structure ! until PAFF is implemented at least ...


> But the crash I've seen so far happens in MPV_frame_end, which is AFAICS
> decoder independent (well, MPEG, but no further diversification). So
> IMHO this could even happen with MPEG2.

there's no umv or edges in MPEG2 and no field pics in mpeg4 and for h.264
draw_edges with interlacing is impossible IIRC as the edges depend on
how they are used, h.264 certainly has 10 times more messed up interlacing
support than any previous codec

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato
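
The row arithmetic behind the overflow discussed in this thread, as an added example that is not part of the original e-mail or of FFmpeg's code. The function names and sample sizes are hypothetical, and the "stale base" case is an assumption about how the field offset set up in the quoted MPV_frame_start code could be combined with a full-frame walk.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes touched past the end of a plane of alloc_rows * stride bytes by a walk
 * that starts at `offset`, advances `step` bytes per row, and reads or writes
 * `width` bytes in each of `rows` rows. 0 means the walk stays in bounds. */
static size_t overrun(size_t stride, size_t alloc_rows,
                      size_t offset, size_t step, size_t rows, size_t width)
{
    size_t size = stride * alloc_rows, end;
    if (rows == 0 || width == 0)
        return 0;
    end = offset + (rows - 1) * step + width;
    return end > size ? end - size : 0;
}

/* Consistent field access, as set up by the quoted MPV_frame_start code:
 * the bottom field starts one line in, the step is doubled, and each
 * field covers half the rows. */
static size_t field_overrun(size_t stride, size_t alloc_rows, size_t width, int bottom)
{
    return overrun(stride, alloc_rows, bottom ? stride : 0,
                   stride * 2, alloc_rows / 2, width);
}

/* Assumed failure mode: the base pointer keeps the bottom-field offset of one
 * line, but the plane is then walked as a full frame (frame stride, pic_rows). */
static size_t stale_base_overrun(size_t stride, size_t alloc_rows,
                                 size_t pic_rows, size_t width)
{
    return overrun(stride, alloc_rows, stride, stride, pic_rows, width);
}

int main(void)
{
    const size_t stride = 64, rows = 32;  /* constructed sample sizes */
    printf("progressive walk:      %zu\n", overrun(stride, rows, 0, stride, rows, stride));
    printf("top field:             %zu\n", field_overrun(stride, rows, stride, 0));
    printf("bottom field:          %zu\n", field_overrun(stride, rows, stride, 1));
    printf("stale base, h rows:    %zu\n", stale_base_overrun(stride, rows, rows, stride));
    printf("stale base, h+1 rows:  %zu\n", stale_base_overrun(stride, rows + 1, rows, stride));
    return 0;
}
```

Under that assumption the overrun is exactly one stride, which an extra allocated row absorbs without removing the inconsistent walk that causes it.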