[FFmpeg-devel] Crash in hpel_motion

Michael Niedermayer michaelni
Mon Apr 12 19:41:43 CEST 2010

On Mon, Apr 12, 2010 at 09:15:26AM +0200, Ian McIntosh wrote:
> Hi
> I recently came across a video file (that contained rather heavily 
> corrupted H263 video data) that would crash in libavcodec with an invalid 
> pointer access in hpel_motion(). The problem was the calculated src_y was a 
> negative number (-13) and the calculated src_x was a positive number (500) 
> which resulted in the calculation src_y * stride + src_x being a negative 
> offset and when added to the pointer src, it would point to a location 
> outside of the bounds of the allocated memory.
> Not 100% sure what the correct manner is to fix this but the attached patch 
> resolved the problem for me.

there should be code already that checks such things
errors in the bitstream should trigger error concealment

anyway your patch is wrong

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have never wished to cater to the crowd; for what I know they do not
approve, and what they approve I do not know. -- Epicurus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100412/d839ed13/attachment.pgp>

More information about the ffmpeg-devel mailing list