[FFmpeg-devel] [PATCH] Fix MPEG video lowres crash
Sat Dec 18 12:56:31 CET 2010
On 18.12.2010 05:08, Michael Niedermayer wrote:
> There is avcodec_set_dimensions() which sets width/height correctly, the codec
> should call that when being opened. The problem is av_find_stream_info() not
> knowing the user specific lowres and the user is not able to set it as
> av_find_stream_info() can add more streams
> either way your code rounds wrong and might be exploitable
Ok, I don't argue because I'm not a developer of this code but I only
try to specify the problem.
>>> MV=0 does not need the emu code but your change looks
>>> like it would call it. I guess theres rather a oversight related to the length
>>> of the MC filter
>> This fix may by ugly but it was caused by SSSE3/MMX implementation of
>> h264_chroma_mc4. The closest look at the code shows that if mc4 applyed
>> in bottom macroblock's line of picture then overrun from source buffer
>> is available even if MV=0. That issue can be fixed by enlarging
>> picture's buffer size but I've decided that this is not a good solution
>> corresponded to flag CODEC_FLAG_EMU_EDGE.
> see avcodec_align_dimensions2()
I've found the following line in avcodec_align_dimensions2():
if(s->codec_id == CODEC_ID_H264)
*height+=2; // some of the optimized chroma MC reads one line
Does it mean that other decoders which uses h264_chroma_mc must be added
Corresponded patch in attachment. The list is too long therefore
probably I've forgotten some decoders.
I don't like this fix because if somebody will add new decoder which
uses MPV_decode_mb then it will be necessary not to forget to add
decoder in this condition. The other way is just remove the condition
and do "*height+=2" by default.
May be somebody has a better idea.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 894 bytes
Desc: not available
More information about the ffmpeg-devel