[FFmpeg-devel] [PATCH] Fix decoding crash on some trashed interlaced MPEG2 streams. This fixes issue 2367.

Anatoly Nenashev anatoly.nenashev
Tue Feb 22 10:07:41 CET 2011


On 18.02.2011 19:38, Måns Rullgård wrote:
> Anatoly Nenashev <anatoly.nenashev at ovsoft.ru> writes:
>
>    
>> On 18.02.2011 18:38, Måns Rullgård wrote:
>>
>>> Anatoly Nenashev <anatoly.nenashev at ovsoft.ru> writes:
>>>
>>>
>>>        
>>>> On 18.02.2011 15:26, Måns Rullgård wrote:
>>>>
>>>>          
>>>>> What is the actual problem you are trying to detect?  Missing reference
>>>>> picture?
>>>>>
>>>>>
>>>>>
>>>>>            
>>>> The problem is available when second field of first decoded interlaced
>>>> picture has P-type. In this case inter prediction can be done from the
>>>> first field of current picture (works fine) or from the second field
>>>> of previous picture (crashes decoder). Sample exploit attached to
>>>> issue 2367. This sample was specially prepared to show the problem.
>>>>
>>>>          
>>> Couldn't that be checked per frame instead of per MB?  Sure, doing it
>>> per MB might allow decoding some blocks, but is that really worth it?
>>>
>>>
>>>        
>> I don't know how to make this check per frame because there may be
>> some macroblocks predicted from the first field of current picture and
>> the other predicted from the second field of previous picture. I can't
>> find this information without decoding each macroblock.
>>      
> Two possibilities:
>
> - ditch the entire frame if any possible references are missing
> - substitute a dummy picture for missing references
>
> The second of these is equivalent to your patch with less per-MB
> overhead for undamaged files.
>
>    
Second version is implemented.
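
The second option discussed in this thread (substitute a dummy picture once per picture, so individual macroblocks need no check), as an added toy model in C; it is not FFmpeg's code and not the submitted patch. The `Decoder` and `Picture` types, the 16x16 frame, the function names and the mid-gray fill value are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define W 16
#define H 16
enum { REF_CUR_FIRST_FIELD, REF_PREV_SECOND_FIELD };

typedef struct { uint8_t px[H][W]; } Picture;  /* toy frame, assumed layout */
typedef struct {
    Picture *last;       /* previous reference picture; NULL at stream start */
    Picture  cur;        /* picture being decoded */
    int      dummy_used; /* set when a substitute reference was allocated */
} Decoder;

/* Run once per P field picture: if the previous reference is missing,
 * substitute a mid-gray dummy so no per-macroblock NULL test is needed. */
static int ensure_reference(Decoder *d)
{
    if (d->last) return 0;
    d->last = malloc(sizeof(*d->last));
    if (!d->last) return -1;
    memset(d->last, 128, sizeof(*d->last));
    d->dummy_used = 1;
    return 0;
}

/* Decode the second field (odd rows) as P; refs[r] is each row's reference. */
static int decode_second_field(Decoder *d, const int *refs)
{
    if (ensure_reference(d) < 0) return -1;
    for (int r = 0; r < H / 2; r++)
        for (int x = 0; x < W; x++)
            d->cur.px[2 * r + 1][x] = refs[r] == REF_CUR_FIRST_FIELD
                ? d->cur.px[2 * r][x]          /* first field of current picture */
                : d->last->px[2 * r + 1][x];   /* second field of previous picture */
    return 0;
}

int main(void)
{
    Decoder d = {0};     /* constructed input: first picture, no previous one */
    int refs[H / 2] = {REF_CUR_FIRST_FIELD, REF_PREV_SECOND_FIELD};
    for (int r = 0; r < H; r += 2) memset(d.cur.px[r], 50, W);
    if (decode_second_field(&d, refs) < 0) return 1;
    printf("row1=%d row3=%d dummy=%d\n", d.cur.px[1][0], d.cur.px[3][0], d.dummy_used);
    free(d.last);
    return 0;
}
```

Without the `ensure_reference` call, the row that selects `REF_PREV_SECOND_FIELD` would read through a NULL `last` pointer, which is the crash condition the thread describes.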



