[FFmpeg-devel] questions about VP8 decode, we found that there seem to be some bugs in the code

Wei Gao highgod0401 at gmail.com
Wed Apr 17 04:32:00 CEST 2013


Hi,
The details are as follows:
In dsputil_template.c, the function ff_emulated_edge_mc()
is used to copy a rectangular area of samples to a
temporary buffer and replicate the
border samples.
Lines 165 to 170:

    // copy existing part
    for(; y<end_y; y++){
        memcpy(buf, src, w*sizeof(pixel));
        src += linesize;
        buf += linesize;
    }

The number of loop iterations is end_y, and when (src + end_y * linesize)
is out of the border of the memory
of the src, the data in buf will be chaotic and unsafe.
For example: the vp8_mc_luma() function in vp8.c calls the
ff_emulated_edge_mc() function. When the input video is
1080p, in the last line end_y = 19 and (src + 19 * linesize) will
be out of the border of the memory
of the src.
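
Added example, not part of the original message and not FFmpeg's code: a simplified edge-emulation routine showing how the row range of a "copy existing part" loop can be bounded so that every source row it reads lies inside the picture. The function name edge_copy, its parameters, and the 8-bit sample type are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static int clampi(int v, int lo, int hi) { return v < lo ? lo : (v > hi ? hi : v); }

/* Hypothetical helper (not FFmpeg's ff_emulated_edge_mc): fill a
 * block_w x block_h buffer from a w x h picture whose sample (0,0) is at
 * pic. (src_x, src_y) is the block's top-left corner and may lie outside
 * the picture. Returns the number of rows actually read from pic, or -1. */
int edge_copy(uint8_t *buf, ptrdiff_t buf_stride,
              const uint8_t *pic, ptrdiff_t pic_stride,
              int block_w, int block_h, int src_x, int src_y, int w, int h)
{
    if (w <= 0 || h <= 0 || block_w <= 0 || block_h <= 0)
        return -1;
    /* Pull a block lying wholly outside the picture back to the nearest
     * row/column, so at least one real row overlaps the block. */
    src_y = clampi(src_y, 1 - block_h, h - 1);
    src_x = clampi(src_x, 1 - block_w, w - 1);

    /* Rows [start_y, end_y) of the block exist in the picture. */
    int start_y = src_y < 0 ? -src_y : 0;
    int end_y   = (h - src_y < block_h) ? h - src_y : block_h;

    /* Copy existing part: every row index src_y + y is in [0, h),
     * and every column index is clamped to [0, w). */
    for (int y = start_y; y < end_y; y++) {
        const uint8_t *row = pic + (ptrdiff_t)(src_y + y) * pic_stride;
        uint8_t *dst = buf + (ptrdiff_t)y * buf_stride;
        for (int x = 0; x < block_w; x++)
            dst[x] = row[clampi(src_x + x, 0, w - 1)];
    }
    /* Replicate the first and last copied rows into the missing ones. */
    for (int y = 0; y < start_y; y++)
        memcpy(buf + (ptrdiff_t)y * buf_stride,
               buf + (ptrdiff_t)start_y * buf_stride, (size_t)block_w);
    for (int y = end_y; y < block_h; y++)
        memcpy(buf + (ptrdiff_t)y * buf_stride,
               buf + (ptrdiff_t)(end_y - 1) * buf_stride, (size_t)block_w);
    return end_y - start_y;
}
```

Building a caller with AddressSanitizer (-fsanitize=address) and a picture buffer allocated at exactly h * stride bytes is a direct way to confirm that no row past the last one is touched.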

