[FFmpeg-devel] [PATCH] avcodec/mpeg12dec: Don't adapt (last|next)_pic.linesize for field pics

Michael Niedermayer michael at niedermayer.cc
Tue Jun 25 19:24:46 EEST 2024


On Mon, Jun 24, 2024 at 02:01:42AM +0200, Andreas Rheinhardt wrote:
> These values are not read anywhere. Furthermore, since commit
> fe6037fd04db8837dcdb9013f9c4ad4e7eb0592e the linesize values
> of the MPVWorkPictures were wrong for subsequent fields
> in a chain of B-pictures (as they are always doubled and no longer
> based upon the frame-linesizes) which can eventually lead to overflow.
> 
> Finally, it makes no real sense to ever double the linesize
> of the reference pictures at all: Even when the current picture
> is a field, it can still reference both fields of reference
> pictures and therefore the linesize should allow addressing
> both fields (for the same reason, data is not offset for
> reference pictures).
> 
> libavcodec/mpeg12dec.c:1304:41: runtime error: signed integer overflow: 4611686018427387904 * 2 cannot be represented in type 'long'
> 
> issue: 69732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEGVIDEO_fuzzer-5123551179374592
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> ---
>  libavcodec/mpeg12dec.c | 2 --
>  1 file changed, 2 deletions(-)

Tested, fixes the issue

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Some people wanted to paint the bikeshed green, some blue and some pink.
People argued and fought, when they finally agreed, only rust was left.
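
An added illustration of the overflow mechanism described in the quoted commit message (not FFmpeg code and not part of either message): a simplified model in which a reference picture's stored linesize is doubled in place for every field picture, compared with leaving it untouched as the patch does. The struct, the function names and the starting linesize of 1024 are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (not FFmpeg code): a reference picture whose linesize
 * persists across all field pictures of a B-picture chain. */
typedef struct RefPic { int64_t linesize; } RefPic;

/* Double a positive linesize in place; -1 if the result would not fit. */
static int double_linesize(RefPic *p)
{
    if (p->linesize > INT64_MAX / 2)
        return -1;
    p->linesize *= 2;
    return 0;
}

/* Decode `fields` field pictures against one reference picture.
 * adapt != 0: pre-patch pattern, the stored value is doubled every field.
 * adapt == 0: patched pattern, the reference linesize is never touched.
 * Returns the index of the first field whose doubling would overflow,
 * or -1 if none does; *final_linesize receives the value reached. */
int first_overflowing_field(int64_t frame_linesize, int fields, int adapt,
                            int64_t *final_linesize)
{
    RefPic ref = { frame_linesize };
    int hit = -1;
    for (int i = 0; i < fields && hit < 0; i++)
        if (adapt && double_linesize(&ref) < 0)
            hit = i;
    *final_linesize = ref.linesize;
    return hit;
}

int main(void)
{
    int64_t v;
    /* 1024 is a constructed starting linesize. */
    int at = first_overflowing_field(1024, 100, 1, &v);
    printf("adapted:   overflow at field %d, linesize %lld\n", at, (long long)v);
    at = first_overflowing_field(1024, 100, 0, &v);
    printf("unadapted: overflow at field %d, linesize %lld\n", at, (long long)v);
    return 0;
}
```

In this model the last value that can still be stored is 4611686018427387904, the left operand in the sanitizer report quoted above.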