[FFmpeg-devel] H263 decoding crash, [BUG] : reading memory past the end of the buffer.

Pavel Pavlov pavel
Fri Jun 5 19:06:09 CEST 2009


> Even if your mail was not meant for this list, the answer is:
> RTFD (read the fine documentation) before using a function.
> I paste the relevant part of avcodec.h for your convenience:
> 
> /**
>  * Decodes a video frame from \p buf into \p picture.
>  * The avcodec_decode_video() function decodes a video frame from the input
>  * buffer \p buf of size \p buf_size. To decode it, it makes use of the
>  * video codec which was coupled with \p avctx using avcodec_open(). The
>  * resulting decoded frame is stored in \p picture.
>  *
>  * @warning The input buffer must be \c FF_INPUT_BUFFER_PADDING_SIZE larger than
>  * the actual read bytes because some optimized bitstream readers read 32 or 64
>  * bits at once and could read over the end.
> 
> ...
> 
>  */
> int avcodec_decode_video(AVCodecContext *avctx, AVFrame *picture,
>                          int *got_picture_ptr,
>                          const uint8_t *buf, int buf_size);

If I had control, I would add, in debug mode, code that checks that the
FF_INPUT_BUFFER_PADDING_SIZE bytes past the end of the provided buffer are
readable, so that at least with a debug build it would be caught instantly,
not only rarely after running it for a long time in a release build.
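The padding contract in the quoted warning, and the debug-mode check proposed above, as an added C example; this is not code from the thread or from FFmpeg. It assumes FF_INPUT_BUFFER_PADDING_SIZE is 8 (use the macro from avcodec.h when building against libavcodec), stands in a plain 32-bit big-endian fetch for a real optimized bitstream reader, and uses a constructed 7-byte payload rather than a real H.263 stream.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed value for this example; in real code take the macro from avcodec.h. */
#ifndef FF_INPUT_BUFFER_PADDING_SIZE
#define FF_INPUT_BUFFER_PADDING_SIZE 8
#endif

/* Constructed sample payload (not a real H.263 stream), 7 bytes long. */
static const uint8_t SAMPLE[] = { 0x00, 0x00, 0x80, 0x02, 0x10, 0x4e, 0x7f };

/* Stand-in for an optimized bitstream reader: like the readers the warning
 * describes, it fetches a whole 32-bit word at a byte offset instead of one
 * byte, so reads near the end of the payload touch bytes past buf_size. */
static uint32_t fetch_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* How many bytes a 32-bit fetch at pos reaches beyond buf_size (0 if none). */
static int overread_bytes(int buf_size, int pos)
{
    int end = pos + 4;
    return end > buf_size ? end - buf_size : 0;
}

/* Caller-side fix: copy the payload into a buffer that has
 * FF_INPUT_BUFFER_PADDING_SIZE extra bytes after it, and zero them so a
 * damaged stream cannot pull stale heap contents into the parser. */
static uint8_t *alloc_padded_input(const uint8_t *src, int src_size)
{
    uint8_t *buf = malloc((size_t)src_size + FF_INPUT_BUFFER_PADDING_SIZE);
    if (!buf)
        return NULL;
    memcpy(buf, src, (size_t)src_size);
    memset(buf + src_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
    return buf;
}

/* Debug-build check in the spirit of the proposal above: read every padding
 * byte through a volatile pointer, so an unpadded buffer faults (or trips
 * ASan/Valgrind) at the decode call instead of intermittently inside a
 * reader. Returns 1 if the padding is present and zeroed, 0 if it is present
 * but dirty; a missing pad is reported by the fault itself. */
static int check_input_padding(const uint8_t *buf, int buf_size)
{
    const volatile uint8_t *pad = buf + buf_size;
    int zeroed = 1;
    for (int i = 0; i < FF_INPUT_BUFFER_PADDING_SIZE; i++)
        if (pad[i] != 0)
            zeroed = 0;
    return zeroed;
}

/* Walk the payload with a 32-bit fetch at every byte offset, as an
 * optimized reader might; safe only on a padded buffer. Returns an XOR of
 * the words so the walk has an observable result. */
static uint32_t walk_words(const uint8_t *buf, int buf_size)
{
    uint32_t acc = 0;
    for (int pos = 0; pos < buf_size; pos++)
        acc ^= fetch_be32(buf + pos);
    return acc;
}

int main(void)
{
    int n = (int)sizeof SAMPLE;
    uint8_t *padded = alloc_padded_input(SAMPLE, n);
    if (!padded)
        return 1;
    printf("fetch at last byte reaches %d byte(s) past the payload\n",
           overread_bytes(n, n - 1));
#ifndef NDEBUG
    if (!check_input_padding(padded, n))
        fprintf(stderr, "warning: input padding is not zeroed\n");
#endif
    printf("walk checksum: 0x%08x\n", walk_words(padded, n));
    free(padded);
    return 0;
}
```

The volatile read cannot prove that memory past the end is readable in portable C; what it does is move the out-of-bounds access to a fixed, early place, which is exactly what makes it reliable under a sanitizer. Build the debug configuration with -fsanitize=address (or run under Valgrind) and a caller that passes an unpadded buffer is reported on the first decode call rather than after hours of release-mode fuzzing.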
