[FFmpeg-devel] questions about VP8 decode, we found that there seems some bugs of code

Ronald S. Bultje rsbultje at gmail.com
Wed Apr 17 22:47:06 CEST 2013


On Tue, Apr 16, 2013 at 7:32 PM, Wei Gao <highgod0401 at gmail.com> wrote:

> Hi,
> the detail is as follows:
> in the dsputil_template.c function: ff_emulated_edge_mc()
> this function will be used to copy a rectangular area of samples to a
> temporary buffer and replicate the
> border samples.
> line 165 to 170:
>     // copy existing part
>     for(; y<end_y; y++){
>         memcpy(buf, src, w*sizeof(pixel));
>         src += linesize;
>         buf += linesize;
>     }
> the numbers of the loop is the end_y and when the (src + end_y * linesize)
> was out of the border of the memory
> of the src, the data of the buf will be chaotic and unsafe.
> for example: the vp8_mc_luma() function in the vp8.c will call the
> ff_emulated_edge_mc() function. When the input video is
> 1080p, in the last line the end_y = 19 and the (src + 19 * linesize) will
> be out of the border of the memory
> of the src.

Do you have a sample that gives valgrind/asan warnings, different output
than the reference decoder (libvpx/dixie) or otherwise can help us verify
the bug?
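
An added illustration, not part of this thread and not FFmpeg's own code: a minimal edge-replicating block copy in which every source row and column index is clamped to the picture before it is read, which is the property the question above is about. The helper name `edge_copy`, its parameters and the 4x3 `SAMPLE` picture are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 4x3 sample picture (row-major): value = 10*row + column. */
static const uint8_t SAMPLE[12] = {
    0, 1, 2, 3,   10, 11, 12, 13,   20, 21, 22, 23,
};

static int64_t clamp64(int64_t v, int64_t lo, int64_t hi)
{
    return v < lo ? lo : (v > hi ? hi : v);
}

/* Hypothetical helper (not FFmpeg's ff_emulated_edge_mc()): copy the bw x bh
 * block at (x0, y0) of a src_w x src_h picture into dst, replicating border
 * samples for positions outside the picture. Returns how many block rows lie
 * inside the picture, or -1 on invalid arguments. */
int edge_copy(uint8_t *dst, int dst_stride, const uint8_t *src, int src_stride,
              int src_w, int src_h, int x0, int y0, int bw, int bh)
{
    if (!dst || !src || src_w <= 0 || src_h <= 0 || bw <= 0 || bh <= 0 ||
        src_stride < src_w || dst_stride < bw)
        return -1;
    /* Block columns [start_x, end_x) exist in the picture. */
    int start_x = (int)clamp64(-(int64_t)x0, 0, bw);
    int end_x = (int)clamp64((int64_t)src_w - x0, start_x, bw);
    int rows_inside = 0;
    for (int y = 0; y < bh; y++) {
        int64_t py = (int64_t)y0 + y;
        /* Clamp the row index so no read leaves the src_h allocated rows. */
        int sy = (int)clamp64(py, 0, src_h - 1);
        const uint8_t *row = src + (size_t)sy * src_stride;
        uint8_t *out = dst + (size_t)y * dst_stride;
        rows_inside += (py == sy);
        memset(out, row[0], (size_t)start_x);               /* left border */
        if (end_x > start_x)                                /* existing part */
            memcpy(out + start_x, row + (x0 + start_x), (size_t)(end_x - start_x));
        memset(out + end_x, row[src_w - 1], (size_t)(bw - end_x)); /* right border */
    }
    return rows_inside;
}

int main(void)
{
    uint8_t out[16];
    /* 4x4 block at (2, 1): two rows and two columns fall outside the picture. */
    int n = edge_copy(out, 4, SAMPLE, 4, 4, 3, 2, 1, 4, 4);
    printf("rows inside: %d, last row: %d %d %d %d\n", n,
           out[12], out[13], out[14], out[15]);
    return 0;
}
```

Because `SAMPLE` is exactly as large as the picture, building this with `-fsanitize=address` makes any read past the last row or column show up as a sanitizer report, the kind of evidence requested in the reply.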

