[FFmpeg-devel] [PATCH] Fix decoding crash on some trashed interlaced MPEG2 streams. This fixes issue 2367.

Måns Rullgård mans
Fri Feb 18 17:46:45 CET 2011

Anatoly Nenashev <anatoly.nenashev at ovsoft.ru> writes:

> On 18.02.2011 19:09, Anatoly Nenashev wrote:
>> On 18.02.2011 18:38, M?ns Rullg?rd wrote:
>>> Anatoly Nenashev<anatoly.nenashev at ovsoft.ru>  writes:
>>>> On 18.02.2011 15:26, M?ns Rullg?rd wrote:
>>>>> What is the actual problem you are trying to detect?  Missing
>>>>> reference
>>>>> picture?
>>>> The problem is available when second field of first decoded interlaced
>>>> picture has P-type. In this case inter prediction can be done from the
>>>> first field of current picture (works fine) or from the second field
>>>> of previous  picture (crashes decoder). Sample exploit attached to
>>>> issue 2367. This sample was specially prepared to show the problem.
>>> Couldn't that be checked per frame instead of per MB?  Sure, doing it
>>> per MB might allow decoding some blocks, but is that really worth it?
>> I don't know how to  made this check per frame because there may be
>> some macroblocks predicted from the first field of current picture
>> and the other predicted from the second field of previous picture. I
>> can't find this information without decoding each macroblock.
> May be there is another way to fix this problem. For now mpeg2 decoder
> doesn't check mismatch of temporal_reference value in first and second
> fields. We may check if temporal_reference values for the first and
> second fields are mismatched and then skip second field decoding. May
> be it's about another problem but this also fixes crash of decoder on
> exploit sample.

I think this check fixing your crash is accidental.  What if you change
your file so the temporal_reference fields match?

M?ns Rullg?rd
mans at mansr.com

More information about the ffmpeg-devel mailing list