[FFmpeg-devel] [PATCH] diracdec: check that block length is large enough
Michael Niedermayer
michaelni at gmx.at
Wed May 6 01:49:51 CEST 2015
On Tue, May 05, 2015 at 10:39:50PM +0200, Andreas Cadhalpun wrote:
> In init_planes p->xblen and p->yblen are set to:
> p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
> p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
>
> These are later used as block_w and block_h arguments of
> s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
> in emulated_edge_mc:
> av_assert2(start_x < end_x && block_w > 0);
> av_assert2(start_y < end_y && block_h > 0);
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/diracdec.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
> index adbe331..98f2ea9 100644
> --- a/libavcodec/diracdec.c
> +++ b/libavcodec/diracdec.c
> @@ -902,6 +902,10 @@ static int dirac_unpack_prediction_parameters(DiracContext *s)
> /*[DIRAC_STD] 11.2.4 motion_data_dimensions()
> Calculated in function dirac_unpack_block_motion_data */
>
> + if (s->plane[0].xblen >> s->chroma_x_shift <= 0 || s->plane[0].yblen >> s->chroma_y_shift <= 0) {
> + av_log(s->avctx, AV_LOG_ERROR, "Block length too small\n");
> + return -1;
> + }
a broader check is possible
the spec says "Frame height shall be an integer multiple of picture chroma height."
in 10.5.1
ive not found an equivalent for width but from rounding the chroma
width down i doubt that the spec intends to allow non multiplies for
the width
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150506/9011620f/attachment.asc>
More information about the ffmpeg-devel
mailing list