[FFmpeg-devel] Bugreport: PAFF crashes ffplay, more info than older report, appendix

Thorsten Jordan tjordan
Thu May 3 15:05:46 CEST 2007


Hello developers,

Sorry, the reply-to doesn't work here, so I have to write one mail after
another. Sorry for the mess. And sorry, the given line numbers may
vary a bit because I spread av_logs over the code.

Now I researched more and have better info.

With h264 decoding PAFF material the decoder recognizes bottom fields
(h264.c, line 4665) and this leads to an increase of the buffer pointer
by wrap (mpegvideo.c, line 1620). This leads to a line-off-by-one error
in draw_edges_mmx or draw_edges_c. This leads either to heap corruption
or to a segfault when running ffmpeg with memory checkers like efence or
DUMA.

I do not know if draw_edges is valid for bottom fields or what goes
wrong here, and further research seems much more time demanding. I hope
this info helps you fix this.

Thanks so far.

-- 
Regards, Thorsten
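
An added illustration, not part of the original mail and not FFmpeg code: a simplified model of edge replication around a padded plane, showing why a base pointer advanced by one `wrap` with an unchanged height reaches one row past the allocation, and how a range check catches it before any write. The plane layout and all names (`EDGE`, `edges_fit`, `draw_edges_checked`, `demo`) are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: `height` rows of `wrap` bytes, padded by EDGE rows above
 * and below and EDGE bytes left and right of the visible picture. */
enum { EDGE = 4 };

/* Return 1 if every byte touched by edge replication around buf_off lies
 * inside an allocation of `alloc` bytes, 0 otherwise. */
static int edges_fit(size_t alloc, size_t buf_off, size_t wrap,
                     size_t width, size_t height)
{
    if (width == 0 || height == 0)
        return 0;
    size_t before = (size_t)EDGE * wrap + EDGE;                 /* bytes below buf */
    size_t after  = (height - 1 + EDGE) * wrap + width + EDGE;  /* end past buf */
    return buf_off >= before && buf_off + after <= alloc;
}

/* Replicate the first and last picture rows into the padding rows
 * (left/right columns omitted). Returns -1 without writing if the
 * range check fails. */
static int draw_edges_checked(uint8_t *base, size_t alloc, size_t buf_off,
                              size_t wrap, size_t width, size_t height)
{
    if (!edges_fit(alloc, buf_off, wrap, width, height))
        return -1;
    uint8_t *buf = base + buf_off;
    uint8_t *last = buf + (height - 1) * wrap;
    for (size_t i = 1; i <= EDGE; i++) {
        memcpy(buf - i * wrap, buf, width);    /* top padding rows */
        memcpy(last + i * wrap, last, width);  /* bottom padding rows */
    }
    return 0;
}

/* Constructed sample: a 16x8 plane. shift_rows = 1 models the buffer
 * pointer advanced by one wrap while the height stays the same. */
int demo(size_t shift_rows)
{
    size_t width = 16, height = 8, wrap = width + 2 * EDGE;
    size_t alloc = (height + 2 * EDGE) * wrap;
    uint8_t *base = calloc(1, alloc);
    if (!base)
        return -2;
    size_t buf_off = EDGE * wrap + EDGE + shift_rows * wrap;
    int rc = draw_edges_checked(base, alloc, buf_off, wrap, width, height);
    free(base);
    return rc;
}

int main(void)
{
    printf("frame start: %d, shifted by one wrap: %d\n", demo(0), demo(1));
    return 0;
}
```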