[FFmpeg-trac] #764(avcodec:new): Increasing robustness of runlength decoding for scantable access in mpeg12.c
FFmpeg
trac at avcodec.org
Thu Dec 15 20:15:08 CET 2011
#764: Increasing robustness of runlength decoding for scantable access in
mpeg12.c
-------------------------------------+-------------------------------------
 Reporter: erik                      | Owner:
 Type: defect                        | Status: new
 Priority: normal                    | Component: avcodec
 Version: unspecified                | Resolution:
 Keywords: mpeg robustness           | Blocked By:
 Blocking:                           | Reproduced by developer: 0
 Analyzed by developer: 0            |
-------------------------------------+-------------------------------------

Comment (by reimar):

> I had great difficulty to get a reproducible crash

Even if the crash is not reproducible a valgrind error usually is.
And you _should_ be able to extract a small sample from the place it
crashes and it should still crash (though it might cost some time to find
the right spot).

Concerning the patch: The maintainer will have to say, but it might make
more sense to just move the existing i > 63 check up so it is done before
the access instead of after.

Though maybe even better just extend the ScanTable struct so we can always
read some more data - if "run" can e.g. never become more than 64 an extra
64 bytes at the end would fix it. Has the advantage of possibly helping
for other codecs, too, should they have similar issues.

And FFmpeg has a "fallback" for such corruption, it is called error
concealment and it is run afterwards and I don't remember anything that
would indicate libmpeg2 is any better at it (which doesn't mean too much
though).

--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/764#comment:3>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
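
Added example (not FFmpeg code and not part of the message above): a
simplified run-length loop showing the two options the comment weighs, the
index check moved ahead of the scan table read, and a scan table padded so
that a late check still reads in bounds. The struct, the function names, the
identity scan order and the bound of 64 per advance are assumptions made for
the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed symbol type: advance = zeros skipped + 1, level = coefficient. */
struct rl_sym { uint8_t advance; int16_t level; };

#define MAX_ADVANCE 64  /* assumed upper bound on one advance, per the comment */

/* Variant A: the index is validated before the scan table is read. */
int decode_check_first(const uint8_t scan[64], const struct rl_sym *s,
                       size_t n, int16_t block[64])
{
    int i = 0;                        /* slot 0 (DC) is assumed already decoded */
    for (size_t k = 0; k < n; k++) {
        i += s[k].advance;
        if (i > 63)
            return -1;                /* corrupt run: stop before any table access */
        block[scan[i]] = s[k].level;
    }
    return 0;
}

/* Variant B: table padded by MAX_ADVANCE entries, check stays after the read.
 * Safe only while every advance is <= MAX_ADVANCE, so i never exceeds 63 + 64.
 * The explicit guard stands in for whatever enforces that bound (assumption). */
int decode_padded(const uint8_t scan[64 + MAX_ADVANCE], const struct rl_sym *s,
                  size_t n, int16_t block[64])
{
    int i = 0;
    for (size_t k = 0; k < n; k++) {
        if (s[k].advance > MAX_ADVANCE)
            return -2;                /* padding assumption violated */
        i += s[k].advance;
        uint8_t j = scan[i];          /* in bounds: i <= 127 */
        if (i > 63)
            return -1;                /* late check, after the table read */
        block[j] = s[k].level;
    }
    return 0;
}

/* Fills a constructed identity scan order; padding entries hold a harmless 0. */
void fill_scan(uint8_t *scan, size_t len)
{
    for (size_t k = 0; k < len; k++)
        scan[k] = k < 64 ? (uint8_t)k : 0;
}
```

Variant B only holds while the per-symbol bound holds; if a codec can advance
by more than the padding, the late check again follows an out-of-bounds read.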