[FFmpeg-devel] VP6 issues in Swfdec

Michael Niedermayer michaelni
Wed Sep 5 15:00:01 CEST 2007 

Hi

On Wed, Sep 05, 2007 at 01:27:31PM +0200, Benjamin Otte wrote:
> Hi,
> 
> I'm one of the Swfdec[1] Flash player developers. As you may be aware,
> Flash uses VP6 as a possible video decoder.
> Someone recently grabbed all of the videos at http://pown.alluc.org
> and threw them at ffmpeg. Surprisingly, lots of them killed the vp6
> decoder and in turn my browser.
> 
> I'll attached a series of patches for issues that I could fix myself,
> and point out issues I could not fix myself.
> If you want to reproduce the issues, you'll have to get swfdec git,
> wget the files I'll point to and try to play them with player/swfplay
> from the swfdec sources.

some quick review below, bugfixes and actual patch approval are
our vp6 maintainers problem :)


[...]

> Index: libavcodec/vp6.c
> ===================================================================
> --- libavcodec/vp6.c	(revision 10398)
> +++ libavcodec/vp6.c	(working copy)
> @@ -131,6 +131,10 @@
>                 "alternative entropy decoding not supported\n");
>  
>      if (coeff_offset) {
> +	if (coeff_offset > buf_size) {
> +            av_log(s->avctx, AV_LOG_ERROR, "coeff_offset invalid\n");
> +            return 0;
> +	}

tabs are forbidden in ffmpeg svn


[...]
> Index: libavcodec/imgresample.c
> ===================================================================
> --- libavcodec/imgresample.c	(revision 10398)
> +++ libavcodec/imgresample.c	(working copy)
> @@ -647,6 +647,8 @@
>          ctx->av_class = av_mallocz(sizeof(AVClass));
>      if (!ctx || !ctx->av_class) {
>          av_log(NULL, AV_LOG_ERROR, "Cannot allocate a resampling context!\n");
> +	if (ctx)
> +	    av_free(ctx);

the if(ctx) is unneeded


[...]
> @@ -164,16 +165,21 @@
>   * vp56 specific range coder implementation
>   */
>  
> -static inline void vp56_init_range_decoder(vp56_range_coder_t *c,
> +static void vp56_init_range_decoder(vp56_range_coder_t *c,
>                                             uint8_t *buf, int buf_size)

this doesnt belong in the patch



>  {
>      c->high = 255;
>      c->bits = 8;
>      c->buffer = buf;
> -    c->code_word = bytestream_get_be16(&c->buffer);
> +    if (buf_size < 2) {
> +	c->buf_size = 0;
> +    } else {
> +	c->buf_size = buf_size - 2;
> +	c->code_word = bytestream_get_be16(&c->buffer);
> +    }
>  }

this check is silly, the code prior this function reads without
checking, also calling vp56_init_range_decoder on a non existing
buffer seems odd

and the checks could be simplified by keeping track of a pointer to
the end of the buffer instead of decreasing buf_size every time

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070905/4bc43f1d/attachment.pgp>

More information about the ffmpeg-devel mailing list