[Ffmpeg-devel][PATCH] Possible bug in bmp decoder

Michel Bardiaux mbardiaux
Mon Jan 29 15:05:17 CET 2007


Reimar Doeffinger wrote:
> Hello,
> On Mon, Jan 29, 2007 at 02:18:47PM +0100, Michel Bardiaux wrote:
>> Alex Beregszaszi wrote:
>>>> ...
>>>>     switch(depth){
>>>>     case 24:
>>>>         for(i = 0; i < avctx->height; i++){
>>>>             memcpy(ptr, buf, n);
>>>>             buf += n;
>>>>             ptr += linesize;
>>>>         }
>>>>         break;
>>>> ...
>>>>
>>>> Should it not be memcpy(ptr, buf, linesize) ?
>>> n probably means input linesize, while linesize is the output linesize.
>> Yes.
>>
>>> I guess 24bit BMP doesnt stores the padding 1 byte.
>> Actually it does, see
>>
>>     /* Line size in file multiple of 4 */
>>     n = (avctx->width * (depth / 8) + 3) & ~3;
>>
>> and that's why I am suspicious.
> 
> Neither is right, avctx->width * (depth >> 3) is the right value.

Yes. Patch attached.

> Though if avctx->get_buffer guarantees proper alignment of lines (which
> I doubt) n would be fine too. 

There is no way default_get_buffer could guarantee an alignment that is 
not an internal constraint but a part of the BMP spec.

> linesize certainly isn't though (esp. note
> that linesize can be < 0).

Yes.

Greetings,
-- 
Michel Bardiaux
R&D Director
T +32 [0] 2 790 29 41
F +32 [0] 2 790 29 02
E mailto:mbardiaux at mediaxim.be

Mediaxim NV/SA
Vorstlaan 191 Boulevard du Souverain
Brussel 1160 Bruxelles
http://www.mediaxim.com/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: lavc_bmpdec_4.pat
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070129/3636d470/attachment.asc>



More information about the ffmpeg-devel mailing list