[FFmpeg-trac] #4148(avcodec:open): Crash in ff_add_bytes_l2_sse2 when decoding attached APNG file
FFmpeg
trac at avcodec.org
Tue Dec 2 12:11:18 CET 2014
#4148: Crash in ff_add_bytes_l2_sse2 when decoding attached APNG file
-----------------------------------------+-------------------------------------
 Reporter: benoit                        | Owner:
 Type: defect                            | Status: open
 Priority: important                     | Component: avcodec
 Version: git-master                     | Resolution:
 Keywords: png crash SIGSEGV regression  | Blocked By:
 Blocking:                               | Reproduced by developer: 1
 Analyzed by developer: 0                |
-----------------------------------------+-------------------------------------
Comment (by benoit):
0) yes, I am sure, at least it is advertised as being so (see
libavcodec/pngdec.c:674)
1) no, it cannot, it's working on (arbitrary) subsets of a buffer, and the
alignment cannot be guaranteed
2) the only thing I can tell is that it is only affecting certain APNG
files, but their number is something that can vary
3) I thought of something like a "prologue" for the function, just like
the end of the buffer is handled. My yasm skills are void, though, so I
think a first approach would be to branch as I proposed (using your first
version in 6) above)
I'll send a patch to do that shortly.
Thank you.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4148#comment:8>
FFmpeg <https://ffmpeg.org>
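
The "prologue" idea from points 1) and 3) of the comment above, as an added C sketch that is not part of the ticket and not FFmpeg's code. The names `add_bytes_any_align` and `check_all_offsets` and the test data are hypothetical; the only assumption is that an aligned SSE2 store needs a 16-byte aligned address.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#if defined(__SSE2__)
#include <emmintrin.h>
#endif

/* Hypothetical helper (not FFmpeg's code): dst[i] = src1[i] + src2[i] mod 256,
 * valid for any alignment of the three pointers. */
static void add_bytes_any_align(uint8_t *dst, const uint8_t *src1,
                                const uint8_t *src2, size_t w)
{
    size_t i = 0;
    /* Prologue: plain bytes until dst reaches a 16-byte boundary. */
    for (; i < w && ((uintptr_t)(dst + i) & 15); i++)
        dst[i] = (uint8_t)(src1[i] + src2[i]);
#if defined(__SSE2__)
    /* Body: dst is aligned now; sources may not be, so load them unaligned. */
    for (; i + 16 <= w; i += 16) {
        __m128i a = _mm_loadu_si128((const __m128i *)(src1 + i));
        __m128i b = _mm_loadu_si128((const __m128i *)(src2 + i));
        _mm_store_si128((__m128i *)(dst + i), _mm_add_epi8(a, b));
    }
#endif
    /* Epilogue: remaining bytes (all of them on builds without SSE2). */
    for (; i < w; i++)
        dst[i] = (uint8_t)(src1[i] + src2[i]);
}

/* Constructed self-check: call the helper on sub-buffers starting at 16
 * consecutive offsets and compare with a byte loop. Returns mismatch count. */
static int check_all_offsets(void)
{
    static uint8_t a[96], b[96], out[96];
    const size_t w = 61;
    int bad = 0;
    for (size_t k = 0; k < sizeof a; k++)
        a[k] = (uint8_t)(k * 7), b[k] = (uint8_t)(250 - k);
    for (size_t off = 1; off <= 16; off++) {
        memset(out, 0xAA, sizeof out);
        add_bytes_any_align(out + off, a + off, b + (off ^ 5), w);
        for (size_t k = 0; k < w; k++)
            bad += out[off + k] != (uint8_t)(a[off + k] + b[(off ^ 5) + k]);
        bad += out[off - 1] != 0xAA || out[off + w] != 0xAA; /* no overrun */
    }
    return bad;
}

int main(void) { return check_all_offsets(); }
```

Sweeping the start offset through 16 consecutive values exercises every possible misalignment of the destination, which is the case a fixed, aligned test buffer never reaches.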