[FFmpeg-devel] Crash in hpel_motion
Michael Niedermayer
michaelni
Mon Apr 12 19:41:43 CEST 2010
On Mon, Apr 12, 2010 at 09:15:26AM +0200, Ian McIntosh wrote:
> Hi
>
> I recently came across a video file (that contained rather heavily
> corrupted H263 video data) that would crash in libavcodec with an invalid
> pointer access in hpel_motion(). The problem was the calculated src_y was a
> negative number (-13) and the calculated src_x was a positive number (500)
> which resulted in the calculation src_y * stride + src_x being a negative
> offset and when added to the pointer src, it would point to a location
> outside of the bounds of the allocated memory.
>
> Not 100% sure what the correct manner is to fix this but the attached patch
> resolved the problem for me.
there should be code already that checks such things
errors in the bitstream should trigger error concealment
anyway your patch is wrong
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I have never wished to cater to the crowd; for what I know they do not
approve, and what they approve I do not know. -- Epicurus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100412/d839ed13/attachment.pgp>
More information about the ffmpeg-devel
mailing list