[FFmpeg-devel] H263 decoding crash, [BUG] : reading memory past the end of the buffer.

Reimar Döffinger Reimar.Doeffinger
Fri Jun 5 21:13:01 CEST 2009


On Fri, Jun 05, 2009 at 01:06:09PM -0400, Pavel Pavlov wrote:
> > Even if your mail was not meant for this list, the answer is:
> > RTFD (read the fine documentation) before using a function.
> > I paste the relevant part of avcodec.h for your convenience:
> > 
> > /**
> >  * Decodes a video frame from \p buf into \p picture.
> >  * The avcodec_decode_video() function decodes a video frame from the input
> >  * buffer \p buf of size \p buf_size. To decode it, it makes use of the
> >  * video codec which was coupled with \p avctx using avcodec_open(). The
> >  * resulting decoded frame is stored in \p picture.
> >  *
> >  * @warning The input buffer must be \c FF_INPUT_BUFFER_PADDING_SIZE larger than
> >  * the actual read bytes because some optimized bitstream readers read 32 or 64
> >  * bits at once and could read over the end.
> >
> > ...
> >
> >  */
> > int avcodec_decode_video(AVCodecContext *avctx, AVFrame *picture,
> >                          int *got_picture_ptr,
> >                          const uint8_t *buf, int buf_size);
> 
> If I had control, I would add, in debug mode, code that checks that the
> FF_INPUT_BUFFER_PADDING_SIZE bytes past the end of the provided buffer are
> readable, so that at least with a debug build it would be caught instantly,
> not rarely after running it for a long time in release only.

I'd be interested to know how you think that should work.
Unless you assume debug builds are always run with valgrind...
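As an added illustration of the padding requirement quoted above (my own example, not code from FFmpeg or from either poster): the caller-side fix is to hand the decoder a copy of the packet with FF_INPUT_BUFFER_PADDING_SIZE zeroed bytes appended, so that a reader fetching a whole 32-bit word at any payload offset stays inside the allocation. The constant is defined locally so the snippet builds without avcodec.h (assumed value 8); the 3-byte packet and the word reader are constructed stand-ins for a real stream and a real bitstream reader.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Real value comes from avcodec.h; defined locally so this builds without
 * libavcodec (assumed value, not taken from the thread). */
#ifndef FF_INPUT_BUFFER_PADDING_SIZE
#define FF_INPUT_BUFFER_PADDING_SIZE 8
#endif

/* Copy a packet into a fresh buffer carrying the padding the decoder
 * requires, with the padding zeroed so over-reads see no stray bits.
 * Returns NULL on overflow or allocation failure; caller frees. */
uint8_t *alloc_padded_input(const uint8_t *src, size_t size)
{
    if (size > SIZE_MAX - FF_INPUT_BUFFER_PADDING_SIZE)
        return NULL;
    uint8_t *buf = malloc(size + FF_INPUT_BUFFER_PADDING_SIZE);
    if (!buf)
        return NULL;
    memcpy(buf, src, size);
    memset(buf + size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
    return buf;
}

/* Stand-in for an optimized bitstream reader: fetches a whole big-endian
 * 32-bit word at byte offset pos, touching bytes pos..pos+3 exactly as the
 * @warning in avcodec.h describes. */
static uint32_t read_word_at(const uint8_t *buf, size_t pos)
{
    return ((uint32_t)buf[pos] << 24) | ((uint32_t)buf[pos + 1] << 16) |
           ((uint32_t)buf[pos + 2] << 8) | (uint32_t)buf[pos + 3];
}

/* Constructed 3-byte "packet". Without padding, a word read at offset 2
 * would run three bytes past the end; with padding every read at a payload
 * offset is in bounds and the extra bytes are zero. Returns the word read
 * at pos (pos must be < 3), or 0 on allocation failure. */
uint32_t demo_padded_read(size_t pos)
{
    static const uint8_t packet[3] = { 0x00, 0x00, 0x80 };
    uint8_t *buf = alloc_padded_input(packet, sizeof packet);
    if (!buf || pos >= sizeof packet)
        return 0;
    uint32_t w = read_word_at(buf, pos);
    free(buf);
    return w;
}
```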
