[FFmpeg-devel] [HACK] fix CAVS decoder crashes
Reimar Döffinger
Reimar.Doeffinger
Sun Dec 12 21:57:25 CET 2010
On Sun, Dec 12, 2010 at 09:32:20PM +0100, Michael Niedermayer wrote:
> On Sun, Dec 12, 2010 at 05:04:58PM +0100, Reimar Döffinger wrote:
> > Hello,
> > I have the suspicion this decoder needs heavy fuzzing testing.
> > Anyway, trying to play http://samples.mplayerhq.hu/AVS/AVSFileFormat/AVSFileFormat.es
> > results in crashes which the hack below "fixes".
> > Index: libavcodec/cavs.h
> > ===================================================================
> > --- libavcodec/cavs.h (revision 25928)
> > +++ libavcodec/cavs.h (working copy)
> > @@ -242,6 +242,7 @@
> > extern const cavs_vector ff_cavs_dir_mv;
> >
> > static inline void modify_pred(const int_fast8_t *mod_table, int *mode) {
> > + if (*mode < 0) *mode = 0;
> > *mode = mod_table[*mode];
> > if(*mode < 0) {
> > av_log(NULL, AV_LOG_ERROR, "Illegal intra prediction mode\n");
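Review bot: the added "if (*mode < 0) *mode = 0;" in modify_pred() silently remaps an invalid negative mode to index 0 instead of rejecting it, so a corrupt stream keeps decoding with a prediction mode it never signalled. The function already has an "Illegal intra prediction mode" error path for a negative table result; a negative input should take that path too (log and bail out) rather than being clamped. The hunk also only guards the lower bound: nothing visible here checks *mode against the upper end of mod_table before the mod_table[*mode] lookup, so that bound should be verified in the same check.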
>
> > Index: libavcodec/cavsdec.c
> > ===================================================================
> > --- libavcodec/cavsdec.c (revision 25928)
> > +++ libavcodec/cavsdec.c (working copy)
> > @@ -122,7 +122,7 @@
> >
> > for(i=0;i<65;i++) {
> > level_code = get_ue_code(gb,r->golomb_order);
> > - if(level_code >= ESCAPE_CODE) {
> > + if(level_code >= ESCAPE_CODE || level_code < 0) {
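Review bot: folding "level_code < 0" into the ESCAPE_CODE condition sends a negative result from get_ue_code() down the escape branch, where it is then processed as if it were a valid escape code. That avoids using the negative value directly but keeps decoding a block that is already known to be damaged. A separate check placed directly after the get_ue_code() call, which logs the error and returns a failure from the function, would keep the escape handling limited to real escape codes and stop the loop on the first bad value.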
>
> level_code < 0 is a bitstream error and this should not continue
I know, this really needs a maintainer to look, I do not have
enough knowledge and/or time for it.
The patch was meant to give an example of what kind of changes would
be necessary and (for that sample) sufficient to fix.