[FFmpeg-devel] [PATCH] Fix decoding crash on some trashed interlaced MPEG2 streams. This fixes issue 2367.
Anatoly Nenashev
anatoly.nenashev
Fri Feb 18 17:26:24 CET 2011
On 18.02.2011 19:09, Anatoly Nenashev wrote:
> On 18.02.2011 18:38, M?ns Rullg?rd wrote:
>> Anatoly Nenashev<anatoly.nenashev at ovsoft.ru> writes:
>>
>>> On 18.02.2011 15:26, M?ns Rullg?rd wrote:
>>>> What is the actual problem you are trying to detect? Missing
>>>> reference
>>>> picture?
>>>>
>>>>
>>> The problem is available when second field of first decoded interlaced
>>> picture has P-type. In this case inter prediction can be done from the
>>> first field of current picture (works fine) or from the second field
>>> of previous picture (crashes decoder). Sample exploit attached to
>>> issue 2367. This sample was specially prepared to show the problem.
>> Couldn't that be checked per frame instead of per MB? Sure, doing it
>> per MB might allow decoding some blocks, but is that really worth it?
>>
> I don't know how to made this check per frame because there may be
> some macroblocks predicted from the first field of current picture and
> the other predicted from the second field of previous picture. I can't
> find this information without decoding each macroblock.
>
May be there is another way to fix this problem. For now mpeg2 decoder
doesn't check mismatch of temporal_reference value in first and second
fields. We may check if temporal_reference values for the first and
second fields are mismatched and then skip second field decoding. May be
it's about another problem but this also fixes crash of decoder on
exploit sample.
More information about the ffmpeg-devel
mailing list