[FFmpeg-devel] H263 decoding crash, [BUG] : reading memory past the end of the buffer.
Fri Jun 5 21:13:01 CEST 2009
On Fri, Jun 05, 2009 at 01:06:09PM -0400, Pavel Pavlov wrote:
> > Even if your mail was not meant for this list, the answer is:
> > RTFD (read the fine documentation) before using a function.
> > I paste the relevant part of avcodec.h for your convenience:
> > /**
> >  * Decodes a video frame from \p buf into \p picture.
> >  * The avcodec_decode_video() function decodes a video frame from the input
> >  * buffer \p buf of size \p buf_size. To decode it, it makes use of the
> >  * video codec which was coupled with \p avctx using avcodec_open(). The
> >  * resulting decoded frame is stored in \p picture.
> >  *
> >  * @warning The input buffer must be \c FF_INPUT_BUFFER_PADDING_SIZE larger than
> >  * the actual read bytes because some optimized bitstream readers read 32 or 64
> >  * bits at once and could read over the end.
> > ...
> >  */
> > int avcodec_decode_video(AVCodecContext *avctx, AVFrame *picture,
> >                          int *got_picture_ptr,
> >                          const uint8_t *buf, int buf_size);
> If I had control, I would add in debug mode code that checks
> provided buffer that FF_INPUT_BUFFER_PADDING_SIZE bytes past the
> end are readable. So that at least with debug build it would be caught
> instantly, not like rarely after running it for long time in release
I'd be interested to know how you think that should work.
Unless you assume debug builds are always run with valgrind...
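
Added example, not part of the original thread and not FFmpeg code: a caller-side sketch of the padding requirement quoted above, where the allocation size is known and can therefore be checked. PADDING is a stand-in for FF_INPUT_BUFFER_PADDING_SIZE with an assumed value; PaddedBuf, padded_buf_init and read32_at are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for FF_INPUT_BUFFER_PADDING_SIZE (assumed value; use avcodec.h's). */
#define PADDING 8

/* Hypothetical wrapper that remembers how much memory was really allocated. */
typedef struct {
    uint8_t *data;
    size_t   size;      /* payload bytes handed to the decoder as buf_size */
    size_t   capacity;  /* bytes actually allocated behind data */
} PaddedBuf;

/* Copy a packet into a new buffer followed by PADDING zero bytes. 0 on success. */
int padded_buf_init(PaddedBuf *b, const uint8_t *src, size_t size)
{
    if (!src || size == 0 || size > SIZE_MAX - PADDING) return -1;
    b->data = malloc(size + PADDING);
    if (!b->data) return -1;
    memcpy(b->data, src, size);
    memset(b->data + size, 0, PADDING);   /* defined contents for any over-read */
    b->size = size;
    b->capacity = size + PADDING;
    return 0;
}

/* Toy reader that always loads 32 bits, like the readers the warning mentions.
 * Returns -1 instead of loading when the 4 bytes would leave the allocation. */
int read32_at(const PaddedBuf *b, size_t pos, uint32_t *out)
{
    if (pos >= b->size || b->capacity - pos < 4) return -1;
    const uint8_t *p = b->data + pos;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    return 0;
}

int main(void)
{
    const uint8_t pkt[] = { 0x11, 0x22, 0x33, 0x44, 0x55 };  /* constructed sample */
    PaddedBuf b;
    uint32_t v = 0;
    if (padded_buf_init(&b, pkt, sizeof pkt)) return 1;
    int rc = read32_at(&b, 4, &v);   /* last payload byte + 3 padding bytes */
    printf("padded:   rc=%d v=0x%08x\n", rc, (unsigned)v);
    b.capacity = b.size;             /* pretend the caller allocated no padding */
    printf("unpadded: rc=%d\n", read32_at(&b, 4, &v));
    free(b.data);
    return 0;
}
```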