[FFmpeg-trac] #6649(avcodec:new): DNxHR 444 encoding crashes because of wrong macroblock size

[FFmpeg]

#6649: DNxHR 444 encoding crashes because of wrong macroblock size
-------------------------------------+-----------------------------------
             Reporter:  devernay     |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  normal       |                Component:  avcodec
              Version:  git-master   |               Resolution:
             Keywords:  DNxHD DNxHR  |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-----------------------------------

Comment (by devernay):

 I agree, the last lines of the image are corrupted.

 Here's the crash. It happens on the last macroblock line (mb_x=0 mb_y=
 67), which goes beyond the limits of the 1920x1080 input image by 8 pixels
 (68*16=1088).

 However, the condition of the test was not triggered, because mb_y << 3 +
 8 = 544, which is half of ctx->m.avctx->height=1088.

 My fix of the test itself is probably right, but there are certainly more
 errors inside the if() section after the test.


 {{{
 * thread #17, name = 'Parallel render thread (0x600001042590)', stop
 reason = EXC_BAD_ACCESS (code=1, address=0x1b6b78700)
   * frame #0: 0x000000019ab09a8b
 libavcodec.57.dylib`get_pixels_16_c(block=0x00000001a027c080, pixels="",
 stride=3840) at pixblockdsp.c:31
     frame #1: 0x000000019a5ffe1a
 libavcodec.57.dylib`dnxhd_calc_bits_thread [inlined]
 dnxhd_get_blocks(ctx=0x00000001a0279000, mb_x=0, mb_y=67) at
 dnxhdenc.c:832
     frame #2: 0x000000019a5ff69f
 libavcodec.57.dylib`dnxhd_calc_bits_thread(avctx=0x0000000108311200,
 arg=0x0000000000000000, jobnr=67, threadnr=0) at dnxhdenc.c:871
     frame #3: 0x000000019ac6d312
 libavcodec.57.dylib`avcodec_default_execute2(c=0x0000000108311200,
 func=(libavcodec.57.dylib`dnxhd_calc_bits_thread at dnxhdenc.c:853),
 arg=0x0000000000000000, ret=0x0000000000000000, count=68) at utils.c:1028
     frame #4: 0x000000019a6007d1
 libavcodec.57.dylib`dnxhd_find_qscale(ctx=0x00000001a0279000) at
 dnxhdenc.c:1126
     frame #5: 0x000000019a5fd270
 libavcodec.57.dylib`dnxhd_encode_fast(avctx=0x0000000108311200,
 ctx=0x00000001a0279000) at dnxhdenc.c:1227
     frame #6: 0x000000019a5fae1d
 libavcodec.57.dylib`dnxhd_encode_picture(avctx=0x0000000108311200,
 pkt=0x000070000b83f588, frame=0x000000019ffb7900,
 got_packet=0x000070000b83f584) at dnxhdenc.c:1312
     frame #7: 0x000000019ac70d5e
 libavcodec.57.dylib`avcodec_encode_video2(avctx=0x0000000108311200,
 avpkt=0x000070000b83f588, frame=0x000000019ffb7900,
 got_packet_ptr=0x000070000b83f584) at utils.c:2008

 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6649#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker