[FFmpeg-devel] [PATCH] mpegvideo: validate block_last_index before dct_unquantize_intra

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sat Dec 19 21:19:27 CET 2015


On 19.12.2015 21:12, Michael Niedermayer wrote:
> On Sat, Dec 19, 2015 at 06:13:37PM +0100, Andreas Cadhalpun wrote:
>> If it is negative, it triggers the assertion in
>> dct_unquantize_h263_intra.
>>
>> This is somehow related to the second hunk of commit 9251942: reverting
>> that prevents these crashes, but breaks the sample from ticket 302.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>
>> Note that the sample from ticket 302 is currently broken anyway, printing
>> lots of "slice end not reached but screenspace end" errors.
>> This still works fine with ffmpeg 2.8.
>>
>> ---
>>  libavcodec/mpegvideo.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
>> index 6d9e265..e8e54ff 100644
>> --- a/libavcodec/mpegvideo.c
>> +++ b/libavcodec/mpegvideo.c
>> @@ -2402,6 +2402,10 @@ unhandled:
>>  static inline void put_dct(MpegEncContext *s,
>>                             int16_t *block, int i, uint8_t *dest, int line_size, int qscale)
>>  {
>> +    if (s->block_last_index[i] < 0) {
>> +        av_log(s->avctx, AV_LOG_WARNING, "Invalid block_last_index in put_dct.\n");
>> +        return;
>> +    }
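Review bot: The early return at the top of put_dct() leaves dest unwritten for block i and, because put_dct() returns void, reports nothing to the caller, so the negative index is hidden rather than handled. Consider rejecting the value where s->block_last_index[i] is set in the decode path, so that the decoder can return an error, and have the commit message explain how an intra block reaches put_dct() with a negative index. If the guard stays here, the av_log() call at AV_LOG_WARNING fires once per affected block and can flood the log on a damaged stream; including i in the message would also make it more useful.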
> 
> how does block_last_index become negative for this ?

It's set to -1 in mpeg4_decode_block.

> this fix doesn't look correct, put_dct() is too late to check for any
> bitstream errors

Better ideas are very much welcome. :)
I can also send you a sample showing this problem.

Best regards,
Andreas

