[FFmpeg-devel] [PATCH] Fix decoding crash on some trashed interlaced MPEG2 streams. This fixes issue 2367.
Michael Niedermayer
michaelni at gmx.at
Thu May 12 00:05:30 CEST 2011
On Tue, Feb 22, 2011 at 12:07:41PM +0300, Anatoly Nenashev wrote:
> On 18.02.2011 19:38, Måns Rullgård wrote:
>> Anatoly Nenashev<anatoly.nenashev at ovsoft.ru> writes:
>>
>>> On 18.02.2011 18:38, Måns Rullgård wrote:
>>>
>>>> Anatoly Nenashev<anatoly.nenashev at ovsoft.ru> writes:
>>>>
>>>>> On 18.02.2011 15:26, Måns Rullgård wrote:
>>>>>
>>>>>> What is the actual problem you are trying to detect? Missing reference
>>>>>> picture?
>>>>>>
>>>>> The problem is available when second field of first decoded interlaced
>>>>> picture has P-type. In this case inter prediction can be done from the
>>>>> first field of current picture (works fine) or from the second field
>>>>> of previous picture (crashes decoder). Sample exploit attached to
>>>>> issue 2367. This sample was specially prepared to show the problem.
>>>>>
>>>> Couldn't that be checked per frame instead of per MB? Sure, doing it
>>>> per MB might allow decoding some blocks, but is that really worth it?
>>>>
>>> I don't know how to make this check per frame because there may be
>>> some macroblocks predicted from the first field of current picture and
>>> the other predicted from the second field of previous picture. I can't
>>> find this information without decoding each macroblock.
>>>
>> Two possibilities:
>>
>> - ditch the entire frame if any possible references are missing
>> - substitute a dummy picture for missing references
>>
>> The second of these is equivalent to your patch with less per-MB
>> overhead for undamaged files.
>>
> Second version is implemented.
>
> mpegvideo.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
> cf17a29128eb6b8d28e4fb9cd220820500a846ee 0001-Fix-crash-of-interlaced-MPEG2-decoding.patch
> From ccb5ded4abd41894b9a41c4d59a9a2aad3683ea7 Mon Sep 17 00:00:00 2001
> From: anatoly <anatoly.nenashev at ovsoft.ru>
> Date: Tue, 22 Feb 2011 12:04:50 +0300
> Subject: [PATCH] Fix crash of interlaced MPEG2 decoding
a little late but patch applied and issue fixed
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Observe your enemies, for they first find out your faults. -- Antisthenes
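The second option Måns proposes in the quoted exchange, substituting a dummy picture for a missing reference instead of checking every macroblock, as an added illustration that is neither FFmpeg's code nor the patch from this thread: a toy field-picture decoder in which the reference chosen for a second-field P macroblock (first field of the current picture, or second field of the previous picture) is never NULL, because a mid-grey dummy field stands in whenever the previous picture was never decoded. All names, the frame size and the sample values below are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define W 16
#define H 8                  /* rows per field (hypothetical tiny frame) */
#define FIELD_BYTES (W * H)

/* One interlaced picture: two fields, each may be absent (NULL). */
typedef struct { uint8_t *field[2]; } Picture;
/* Hypothetical decoder state: previous picture (may be absent), current
 * picture (first field decoded, second in progress) and a mid-grey dummy
 * field handed out for every missing reference. */
typedef struct {
    Picture *prev, *cur;
    uint8_t dummy[FIELD_BYTES];
    int substitutions;       /* how often the dummy was used */
} FieldDecoder;

void decoder_init(FieldDecoder *d, Picture *prev, Picture *cur) {
    d->prev = prev; d->cur = cur; d->substitutions = 0;
    memset(d->dummy, 128, FIELD_BYTES);
}

/* Reference selection for a P macroblock of the second field:
 * from_prev = 1 -> second field of the previous picture,
 * from_prev = 0 -> first field of the current picture.
 * Never returns NULL: a missing reference is replaced by the dummy. */
const uint8_t *select_reference(FieldDecoder *d, int from_prev) {
    const uint8_t *ref = NULL;
    if (from_prev) {
        if (d->prev) ref = d->prev->field[1];
    } else if (d->cur) {
        ref = d->cur->field[0];
    }
    if (!ref) { d->substitutions++; ref = d->dummy; }
    return ref;
}

/* Copy the co-located 4x4 block at (x, y) from the chosen reference and
 * return its mean sample value so the caller can tell which field was used. */
int predict_block(FieldDecoder *d, int from_prev, int x, int y, uint8_t *dst) {
    const uint8_t *ref = select_reference(d, from_prev);
    int sum = 0;
    for (int j = 0; j < 4; j++)
        for (int i = 0; i < 4; i++) {
            uint8_t v = ref[(y + j) * W + x + i];
            dst[j * 4 + i] = v;
            sum += v;
        }
    return sum / 16;
}
```

With the dummy in place the per-macroblock path does no reference check at all; only the substitution counter records that a damaged stream referenced a field that was never decoded.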