[Ffmpeg-devel] segfault in ff_mpeg1_find_frame_end()

Stefan Lucke stefan
Sat May 14 18:12:59 CEST 2005


On Saturday, 14 May 2005 17:35, Michael Niedermayer wrote:
> Hi
> 
> On Saturday 14 May 2005 16:29, Stefan Lucke wrote:

> >
> > In mpeg_decode_frame(), function ff_combine_frame() collects incoming
> > snippets into s2->parse_context. The resulting "buf" is the same as
> > parse_context.buffer. This pointer is duplicated to buf_ptr and adjusted by
> > find_start_code(). If start_code is PICTURE_START_CODE, the called
> > mpeg1_decode_picture() in turn calls mpeg_decode_postinit(), which does
> > MPV_common_end() when there is a change in aspect ratio. In this function
> > av_freep(&s->parse_context.buffer) is called, but mpeg_decode_frame()
> > still holds pointers into that now freed area.
> >
> > So where is the fault in my reading of the code ?
> > Or is this the (seg)fault I get ?
> 
> hmm, I think you are right, there's a bug in libavcodec
> should be fixed
> 
> [...]

It is :-) . Thank you very much.

-- 
Stefan Lucke
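A stand-alone C model of the dangling-pointer situation Stefan describes, added here as an illustration. It is not libavcodec code: the names ParseContext, combine_frame, common_end, postinit, decode_frame and the one-byte "picture header" are simplified stand-ins for ff_combine_frame, MPV_common_end, mpeg_decode_postinit and mpeg_decode_frame, and the two-frame stream is constructed for the example. The buggy variant frees the parse buffer inside the nested reinit while the decode loop still holds buf_ptr into it; the fixed variant keeps the parse buffer alive across the reinit. In both variants the decode loop carries a defensive check after the call that can reinitialise, so it stops with an error instead of walking a released buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PICTURE_START_CODE 0x100u

typedef struct {
    uint8_t *buffer;            /* accumulated frame bytes, owned by the parse context */
    size_t   size;
} ParseContext;

typedef struct {
    ParseContext pc;
    int aspect_ratio;           /* last aspect ratio seen; -1 = none yet */
    int release_pc_on_reinit;   /* 1: buggy behaviour, 0: fixed behaviour */
    int reinits;                /* how often common_end() ran */
} DecCtx;

static void dec_init(DecCtx *s, int buggy) {
    memset(s, 0, sizeof *s);
    s->aspect_ratio = -1;
    s->release_pc_on_reinit = buggy;
}

static void dec_free(DecCtx *s) { free(s->pc.buffer); s->pc.buffer = NULL; s->pc.size = 0; }

/* Stand-in for ff_combine_frame: append a snippet, return the combined buffer. */
static uint8_t *combine_frame(ParseContext *pc, const uint8_t *in, size_t n) {
    uint8_t *nb = realloc(pc->buffer, pc->size + n);
    if (!nb) return NULL;
    memcpy(nb + pc->size, in, n);
    pc->buffer = nb;
    pc->size  += n;
    return nb;
}

/* Stand-in for MPV_common_end. The buggy variant also frees the parse
 * buffer, which the caller (decode_frame) is still walking. */
static void common_end(DecCtx *s) {
    s->reinits++;
    if (s->release_pc_on_reinit)
        dec_free(s);
}

/* Stand-in for mpeg_decode_postinit: reinitialise on an aspect-ratio change. */
static void postinit(DecCtx *s, int aspect) {
    if (s->aspect_ratio != -1 && aspect != s->aspect_ratio)
        common_end(s);
    s->aspect_ratio = aspect;
}

/* 00 00 01 xx start code at p, or 0 if there is none. */
static uint32_t start_code_at(const uint8_t *p, size_t left) {
    if (left < 4 || p[0] != 0 || p[1] != 0 || p[2] != 1) return 0;
    return 0x100u | p[3];
}

/* Stand-in for mpeg_decode_frame. Returns pictures seen, or -1 if the parse
 * buffer was released underneath the loop (the fault described in the thread). */
static int decode_frame(DecCtx *s, const uint8_t *snippet, size_t n) {
    uint8_t *buf = combine_frame(&s->pc, snippet, n);
    if (!buf) return -1;
    size_t   size    = s->pc.size;
    uint8_t *buf_ptr = buf;            /* copy of buf that the loop advances */
    uint8_t *buf_end = buf + size;
    int pictures = 0;

    while ((size_t)(buf_end - buf_ptr) >= 4) {
        uint32_t sc = start_code_at(buf_ptr, (size_t)(buf_end - buf_ptr));
        if (sc == 0) { buf_ptr++; continue; }
        buf_ptr += 4;
        if (sc == PICTURE_START_CODE && buf_ptr < buf_end) {
            int aspect = *buf_ptr;     /* toy "picture header": one aspect byte */
            postinit(s, aspect);
            /* Defensive check: if the nested reinit dropped the parse buffer,
             * buf_ptr/buf_end now dangle. Bail out instead of using them. */
            if (s->pc.buffer == NULL || s->pc.size != size)
                return -1;
            pictures++;
        }
    }
    s->pc.size = 0;                    /* frame consumed; keep the allocation */
    return pictures;
}

/* Constructed two-frame stream: sequence header (0x1b3) plus a picture with
 * aspect 2, then a picture with aspect 3, which triggers the reinit. Returns
 * the second frame's result: -1 when the buggy path was caught, 1 when fixed. */
static int scenario(int buggy) {
    static const uint8_t frame1[] = {0,0,1,0xb3, 0,0,1,0x00, 2, 0xaa};
    static const uint8_t frame2[] = {0,0,1,0x00, 3, 0xbb};
    DecCtx s;
    dec_init(&s, buggy);
    int r1 = decode_frame(&s, frame1, sizeof frame1);
    int r2 = decode_frame(&s, frame2, sizeof frame2);
    dec_free(&s);
    return r1 == 1 ? r2 : -100;
}

int main(void) {
    printf("buggy reinit: %d\n", scenario(1));   /* -1: buffer vanished mid-frame */
    printf("fixed reinit: %d\n", scenario(0));   /*  1: second picture decoded */
    return 0;
}
```

The check after postinit() is what turns a silent use-after-free into a clean error: any call made from inside the loop that can tear down the context must leave the loop unable to keep using stale pointers. The real fix is the ownership rule in common_end(), which must not release a buffer its caller is still iterating over; the check is only the belt to that suspender.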
