[Ffmpeg-devel] [BUG] Segfault in h264 decoder on corrupt input

Matthias Hopf
Mon Mar 26 12:33:05 CEST 2007


On Mar 20, 07 23:12:29 +0100, Reinhard Nissl wrote:
> > This sample here is short and demonstrates the problem:
> > 	http://home.vrweb.de/~rnissl/ffmpeg/luxe_tv.es.264
> 
> The attached patch improves the situation but doesn't fix it. I need
> some hints whether this is the right way to go ...

With this patch all my issues are gone. Which do you still see?


Given my understanding of the code, one of the following should be done

- Apply the buffer release for PAFF only.
  Only for PAFF s->picture_structure isn't set, so if this field is used
  for checking whether buffers have to be cleared this is the right way
  to go.

- Apply the buffer release for *all* return -1 cases (not only PAFF and
  MBAFF).
  If the buffers aren't released any more as soon as one slice returns
  -1 that would be the way to go. But except for PAFF (which changes the
  picture structure fundamentally) all other cases can be transient
  AFAICS (meaning, hit only on one slice, but not on the complete
  frame). So that sounds wrong.

- Fix the underlying buffer release code.
  I have no clue where that code sits, and under which circumstances it
  is called.

Matthias

-- 
Matthias Hopf <mhopf at suse.de>      __        __   __
Maxfeldstr. 5 / 90409 Nuernberg   (_   | |  (_   |__          mat at mshopf.de
Phone +49-911-74053-715           __)  |_|  __)  |__  R & D   www.mshopf.de
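The distinction Matthias draws above, between a slice error that is transient (skip the slice, keep the picture) and one that changes the picture structure (the picture under construction is no longer usable and must be released before returning -1), is illustrated below with a toy decoder. This is an added example, not libavcodec's h264 code or Reinhard's patch: the `struct decoder`, `struct slice`, `PS_FRAME`/`PS_FIELD` and `decode_frame` are all constructed here, and the "decoding" is a placeholder. The point it shows is that the structure-change path clears `dec->cur` so the next call never touches a stale buffer, while the transient path leaves the picture in progress.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed toy state; not libavcodec's H264Context. */
enum picture_structure { PS_FRAME = 0, PS_FIELD = 1 };

struct slice {
    enum picture_structure structure; /* coding mode claimed by the slice header */
    int corrupt;                      /* 1 if the slice payload fails to parse */
};

struct picture {
    enum picture_structure structure;
    unsigned char *pixels;            /* stands in for the real frame buffer */
    int slices_decoded;
};

struct decoder {
    struct picture *cur;              /* picture under construction, NULL between frames */
    int frames_output;
    int slices_concealed;
    int pictures_dropped;
};

static struct picture *picture_alloc(enum picture_structure s)
{
    struct picture *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    p->pixels = calloc(1, 64 * 64);
    if (!p->pixels) { free(p); return NULL; }
    p->structure = s;
    return p;
}

static void picture_release(struct picture **pp)
{
    if (*pp) {
        free((*pp)->pixels);
        free(*pp);
        *pp = NULL;                   /* never leave a dangling pointer behind */
    }
}

/* Returns 0 when a picture was output, -1 when it was dropped.
   On either return dec->cur is NULL, so the next call starts clean. */
int decode_frame(struct decoder *dec, const struct slice *slices, int n)
{
    for (int i = 0; i < n; i++) {
        const struct slice *s = &slices[i];

        if (!dec->cur) {
            dec->cur = picture_alloc(s->structure);
            if (!dec->cur) return -1;
        }

        /* Structure change mid-picture: the buffer we hold was set up for
           the other coding mode, so release it before bailing out. */
        if (s->structure != dec->cur->structure) {
            picture_release(&dec->cur);
            dec->pictures_dropped++;
            return -1;
        }

        /* Transient slice error: conceal this slice and carry on; the
           picture stays valid and later slices may still fill it. */
        if (s->corrupt) {
            dec->slices_concealed++;
            continue;
        }

        memset(dec->cur->pixels + (i % 64) * 64, 0x80, 64); /* placeholder decode */
        dec->cur->slices_decoded++;
    }

    if (!dec->cur || dec->cur->slices_decoded == 0) {
        picture_release(&dec->cur);   /* nothing usable was decoded */
        dec->pictures_dropped++;
        return -1;
    }
    dec->frames_output++;
    picture_release(&dec->cur);       /* handed off; drop our reference */
    return 0;
}

int main(void)
{
    struct decoder d = {0};
    struct slice frame[] = {{PS_FRAME, 0}, {PS_FRAME, 1}, {PS_FRAME, 0}}; /* constructed */
    struct slice mixed[] = {{PS_FRAME, 0}, {PS_FIELD, 0}};                /* constructed */
    decode_frame(&d, frame, 3);   /* one slice concealed, picture still output */
    decode_frame(&d, mixed, 2);   /* structure change: picture released, -1 */
    decode_frame(&d, frame, 3);   /* decoder recovers from a clean state */
    return d.frames_output == 2 && d.cur == NULL ? 0 : 1;
}
```

The two counters make the policy visible: a corrupt slice bumps `slices_concealed` without touching the picture, while a structure mismatch bumps `pictures_dropped` and guarantees `dec->cur == NULL` on return.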