[FFmpeg-devel] A patch to fix buffer overflow when decoding h264

Antti Nietosvaara antti
Wed May 26 14:34:38 CEST 2010

I was experiencing crashes when decoding certain h264 videos 
(unfortunately it is quite hard to extract the problematic stream for 
replication, since its in proprietary DVR format).
It seems that s->mb_height can change in decode_slice_header after 
alloc_tables has been called for the current context, which causes 
overflows later. Hopefully this behaviour can be confirmed without a 
sample stream.
I have attached a patch that reallocates the tables if mb_width or 
mb_height change.

Antti Nietosvaara
Turun Turvatekniikka Oy

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: h264_crash_fix.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100526/a24603d1/attachment.asc>

More information about the ffmpeg-devel mailing list