[FFmpeg-devel] Bugreport: PAFF crashes ffplay, more info than older report, appendix

Michael Niedermayer michaelni
Thu May 3 17:08:50 CEST 2007


On Thu, May 03, 2007 at 03:05:46PM +0200, Thorsten Jordan wrote:
> Hello developers,
> Sorry, the reply-to doesn't work here, so I have to write one mail after
> another. Sorry for the mess. And sorry, the given line numbers may
> vary a bit because I spread av_logs over the code.
> Now I researched more and have better info.
> With h264 decoding PAFF material the decoder recognizes bottom fields
> (h264.c, line 4665) and this leads to an increase of the buffer pointer
> by wrap (mpegvideo.c, line 1620). This leads to a line-off-by-one error
> in draw_edges_mmx or draw_edges_c. This leads either to heap corruption
> or to a segfault when running ffmpeg with memory checkers like efence or
> I do not know if draw_edges is valid for bottom fields or what goes
> wrong here and further research seems much more time demanding. I hope
> this info helps you for fixing this.

Well, I don't know the rules for H.264 field pictures and out-of-picture
sample repetition (I would have to check the H.264 spec), but I guess
that they almost certainly will repeat even and odd independent of each
other, that is, draw_edges of each field separately.
If true, images will have to be allocated to be large enough for the amount
of repetition done (repeating less is possible too).

patch welcome

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire
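
The following is an added example, not part of the thread and not FFmpeg code: a simplified model of vertical edge replication run inside an arena with canary rows, showing when padding writes leave the picture allocation. It assumes one reading of the report (a frame-sized call made from a pointer advanced by one line); the helper names, sizes and the canary scheme are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sizes: W x H picture, EDGE padding rows allocated above and below,
 * GUARD canary rows beyond the allocation standing in for a memory checker. */
enum { W = 16, H = 8, EDGE = 4, GUARD = 2 * EDGE, ROWS = H + 2 * (EDGE + GUARD) };

/* Vertical edge replication only (hypothetical helper, not FFmpeg's draw_edges):
 * copy the first and last line `edge` times outward, `stride` bytes per step. */
static void draw_edges_vert(unsigned char *buf, int stride, int lines, int edge)
{
    unsigned char *last = buf + (lines - 1) * stride;
    for (int i = 1; i <= edge; i++) {
        memcpy(buf - i * stride, buf, W);
        memcpy(last + i * stride, last, W);
    }
}

/* Returns how many canary rows outside the picture allocation were overwritten.
 * first_row: picture row the pointer starts at; step: rows advanced per line. */
static int guard_rows_hit(int first_row, int step, int lines, int edge)
{
    unsigned char *arena = malloc((size_t)ROWS * W);
    int hit = 0;
    if (!arena) return -1;
    memset(arena, 0xA5, (size_t)ROWS * W);                      /* canary rows */
    memset(arena + GUARD * W, 0x10, (size_t)(H + 2 * EDGE) * W); /* allocation */
    unsigned char *pic = arena + (GUARD + EDGE) * W;            /* picture row 0 */
    draw_edges_vert(pic + first_row * W, step * W, lines, edge);
    for (int r = 0; r < ROWS; r++) {
        if (r >= GUARD && r < ROWS - GUARD) continue;           /* inside allocation */
        for (int x = 0; x < W; x++)
            if (arena[r * W + x] != 0xA5) { hit++; break; }
    }
    free(arena);
    return hit;
}

int main(void)
{
    printf("frame, pointer at row 0:          %d\n", guard_rows_hit(0, 1, H, EDGE));
    printf("frame call, pointer moved 1 line: %d\n", guard_rows_hit(1, 1, H, EDGE));
    printf("bottom field, EDGE/2 repeats:     %d\n", guard_rows_hit(1, 2, H / 2, EDGE / 2));
    printf("bottom field, EDGE repeats:       %d\n", guard_rows_hit(1, 2, H / 2, EDGE));
    return 0;
}
```

With a doubled stride each repeated field line lands two frame rows further out, so padding a field separately needs either half as many repeats or twice the allocated edge rows.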