[FFmpeg-devel] [PATCH] Fix segv when decoding gray8

Michael Niedermayer michaelni
Thu Jun 3 12:36:26 CEST 2010


On Wed, Jun 02, 2010 at 06:39:26PM -0700, Baptiste Coudurier wrote:
> Hi guys,
>
> $subject.
>
> frame->data[1] is set by avpicture_fill which is called with buf passed 
> from the demuxer.
> However, for gray8 the data stored is only width*height, so is too small 
> for the palette, and will segv, memcpying.
>
> I'm not sure what is the right fix here, buf is supposed to be const.

As this case can only arise from use of the deprecated (and buggy) palette
passing API, the correct (long term goal) is to change all codecs so they
finally stop using this highly unpredictable, race-condition-ridden API.
Until then, your patch may be ok

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No great genius has ever existed without some touch of madness. -- Aristotle
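
The failure described in the quoted report, as an added example that is not part of the thread and is not FFmpeg code: the palette plane is placed right after the width*height pixels, so a buffer holding only the gray8 pixels has no room for it, and the copy must be bounds-checked. The struct, function names and PALETTE_BYTES (256 entries of 4 bytes) are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PALETTE_BYTES (256 * 4) /* assumption: 256 entries of 32-bit colour */

/* Hypothetical stand-in for a frame whose planes point into one buffer. */
struct picture { uint8_t *data[2]; }; /* [0] = pixels, [1] = palette */

/* Layout as described in the thread: the palette plane starts directly
 * after the width*height pixel plane of the same buffer. */
static void fill_planes(struct picture *p, uint8_t *buf, int w, int h)
{
    p->data[0] = buf;
    p->data[1] = buf + (size_t)w * (size_t)h;
}

/* Copies the palette only if the palette plane lies entirely inside
 * buf[0..buf_size); returns -1 without writing anything otherwise. */
static int copy_palette_checked(struct picture *p, const uint8_t *buf,
                                size_t buf_size, const uint8_t *pal)
{
    size_t off = (size_t)(p->data[1] - buf);
    if (off > buf_size || buf_size - off < PALETTE_BYTES)
        return -1;
    memcpy(p->data[1], pal, PALETTE_BYTES);
    return 0;
}

/* Constructed input: a packet of w*h pixel bytes plus `extra` trailing bytes. */
int demo(int w, int h, size_t extra)
{
    static uint8_t buf[64 * 64 + PALETTE_BYTES];
    static const uint8_t pal[PALETTE_BYTES] = {0};
    struct picture p;
    size_t buf_size = (size_t)w * (size_t)h + extra;
    if (w <= 0 || h <= 0 || buf_size > sizeof(buf)) return -2;
    fill_planes(&p, buf, w, h);
    return copy_palette_checked(&p, buf, buf_size, pal);
}

int main(void)
{
    printf("gray8-sized buffer: %d, with palette room: %d\n",
           demo(64, 64, 0), demo(64, 64, PALETTE_BYTES));
    return 0;
}
```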