[FFmpeg-devel] H263 decoding crash, [BUG] : reading memory past the end of the buffer.
Reimar Döffinger
Reimar.Doeffinger
Fri Jun 5 21:13:01 CEST 2009
On Fri, Jun 05, 2009 at 01:06:09PM -0400, Pavel Pavlov wrote:
> > Even if your mail was not meant for this list, the answer is:
> > RTFD (read the fine documentation) before using a function.
> > I paste the relevant part of avcodec.h for your convenience:
> >
> > /**
> >  * Decodes a video frame from \p buf into \p picture.
> >  * The avcodec_decode_video() function decodes a video frame from the input
> >  * buffer \p buf of size \p buf_size. To decode it, it makes use of the
> >  * video codec which was coupled with \p avctx using avcodec_open(). The
> >  * resulting decoded frame is stored in \p picture.
> >  *
> >  * @warning The input buffer must be \c FF_INPUT_BUFFER_PADDING_SIZE larger than
> >  * the actual read bytes because some optimized bitstream readers read 32 or 64
> >  * bits at once and could read over the end.
> >
> > ...
> >
> >  */
> > int avcodec_decode_video(AVCodecContext *avctx, AVFrame *picture,
> >                          int *got_picture_ptr,
> >                          const uint8_t *buf, int buf_size);
>
> If I had control, I would add, in debug mode, code that checks that
> FF_INPUT_BUFFER_PADDING_SIZE bytes past the end of the provided buffer
> are readable, so that at least with a debug build it would be caught
> instantly, not like rarely after running it for a long time in release
> only.
I'd be interested to know how you think that should work.
Unless you assume debug builds are always run with valgrind...
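
The padding requirement from the quoted avcodec.h comment, seen from the caller's side, as an added example that is not part of this thread or of FFmpeg. The decoder receives only buf and buf_size, so the allocation size is known only to the caller; PaddedBuf, padded_buf_from and padded_buf_ok are hypothetical names, and the value 8 is a stand-in for the real constant from avcodec.h.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in value so this builds without FFmpeg headers; real code uses avcodec.h. */
#ifndef FF_INPUT_BUFFER_PADDING_SIZE
#define FF_INPUT_BUFFER_PADDING_SIZE 8
#endif

/* Hypothetical caller-side type; the decoder only ever sees data and size. */
typedef struct {
    uint8_t *data;
    int      size;      /* payload bytes, passed as buf_size */
    size_t   capacity;  /* bytes actually allocated */
} PaddedBuf;

/* Copy a packet into a fresh buffer followed by zeroed padding.
 * Returns 0 on success, -1 on bad arguments or allocation failure. */
int padded_buf_from(PaddedBuf *pb, const uint8_t *src, int size)
{
    if (!pb || size < 0 || (size > 0 && !src))
        return -1;
    pb->capacity = (size_t)size + FF_INPUT_BUFFER_PADDING_SIZE;
    pb->data = malloc(pb->capacity);
    if (!pb->data)
        return -1;
    if (size > 0)
        memcpy(pb->data, src, (size_t)size);
    memset(pb->data + size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
    pb->size = size;
    return 0;
}

/* Check the caller can run (for instance in an assert) before decoding. */
int padded_buf_ok(const PaddedBuf *pb)
{
    return pb && pb->data && pb->size >= 0 &&
           pb->capacity >= (size_t)pb->size + FF_INPUT_BUFFER_PADDING_SIZE;
}

int main(void)
{
    const uint8_t pkt[] = { 0x00, 0x00, 0x80, 0x02 };  /* constructed bytes */
    PaddedBuf pb;
    if (padded_buf_from(&pb, pkt, (int)sizeof pkt) != 0 || !padded_buf_ok(&pb))
        return 1;
    free(pb.data);
    return 0;
}
```

Here pb.data and pb.size are what would be passed as buf and buf_size to avcodec_decode_video().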