[FFmpeg-cvslog] r22288 - trunk/libavcodec/avcodec.h
Michael Niedermayer
michaelni
Wed Mar 10 11:15:49 CET 2010
On Wed, Mar 10, 2010 at 07:57:45AM +0100, Reimar D?ffinger wrote:
> On Wed, Mar 10, 2010 at 12:10:43AM +0100, Michael Niedermayer wrote:
> > the h264 spec mandates some size limit on MBs i think something around 400
> > byte for 8bit 4:2:0 but thats just for valid streams, a crafted stream
> > can go far beyond that size for a macro block.
>
> Ok, I suspect padding with 0 is not going to help...
actually i think it does, if iam not missing anything then ~200 bytes might
do with per MB checks
either way someone needs to go over all the code in the MB loop and analyze
how far it can read on zero padded and random padded data.
If we know what piece of code can go farthest then we might be able to
inteligently place a check in there but all this is quite non trivial
if you consider that theres a context adaptive arithmetic coder.
The 2 things that help us is that
1. zero bytes should map to the more probably symbols most of the time
thus making symbols short
2. whatever you feed the ac coder it will adapt so binary symbol size should
tend toward <=1 bit at average over enough time
but the coder state can be arbitrarily poor when we hit the end on a
crafted stream ...
i dont volunteer reviewing h264* for overread behavior
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/attachments/20100310/148c4cb8/attachment-0001.pgp>
More information about the ffmpeg-cvslog
mailing list