[FFmpeg-devel] A patch to fix buffer overflow when decoding h264

Michael Niedermayer michaelni
Wed May 26 17:34:02 CEST 2010

On Wed, May 26, 2010 at 03:34:38PM +0300, Antti Nietosvaara wrote:
> I was experiencing crashes when decoding certain h264 videos (unfortunately 
> it is quite hard to extract the problematic stream for replication, since 
> its in proprietary DVR format).
> It seems that s->mb_height can change in decode_slice_header after 
> alloc_tables has been called for the current context, which causes 
> overflows later. Hopefully this behaviour can be confirmed without a sample 
> stream.
> I have attached a patch that reallocates the tables if mb_width or 
> mb_height change.

what is changing mb_height without changing height?

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100526/15d370f2/attachment.pgp>

More information about the ffmpeg-devel mailing list