[FFmpeg-devel] [PATCH] avcodec/h263: Fix global-buffer-overflow with noout flag2 set

Michael Niedermayer michael at niedermayer.cc
Sun Nov 21 20:31:23 EET 2021


On Sun, Nov 21, 2021 at 02:58:35AM +0100, Andreas Rheinhardt wrote:
> h263_get_motion_length() forgot to take an absolute value;
> as a consequence, a negative index was used to access an array.
> This leads to potential crashes, but mostly it just accesses what
> is to the left of ff_mvtab (unless one uses ASAN), thereby defeating
> the purpose of the AV_CODEC_FLAG2_NO_OUTPUT because the sizes of
> the returned packets differ from the sizes the encoder would actually
> have produced.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> ---
> Do we need this AV_CODEC_FLAG2_NO_OUTPUT codepath in h263.h and
> mpeg4videoenc.c at all? It seems to have never worked and the speed
> difference to encoding with output is negligible. (And I have not even
> investigated whether the checks for whether said flag is set impact
> the performance of ordinary encoding.)

For 2 pass encoding you don't need the data from the first pass just the
amount.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Nations do behave wisely once they have exhausted all other alternatives. 
-- Abba Eban
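
The indexing bug described in the quoted commit message, as a simplified added example (not FFmpeg's code and not written by either poster): the table contents and all function names are constructed, and the motion-vector range wrap is left out. The bounds check in `motion_length` stands in for what ASAN would report on the out-of-range read.

```c
#include <stdio.h>

#define TAB_SIZE 33

/* Constructed table (not FFmpeg's ff_mvtab): Exp-Golomb-style bit lengths
 * for magnitude codes 0..32. */
static const unsigned char len_tab[TAB_SIZE] = {
    1, 3, 3, 5, 5, 5, 5, 7, 7, 7, 7, 7, 7, 7, 7,
    9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 11, 11
};

/* Buggy pattern: the sign of val survives into the table index. */
static int code_index_unchecked(int val, int f_code)
{
    int bit_size = f_code - 1;
    if (val == 0)
        return 0;
    val--;
    return (val >> bit_size) + 1;   /* negative val gives a negative index */
}

/* Corrected pattern: take the magnitude first; the sign costs one fixed bit. */
static int code_index_abs(int val, int f_code)
{
    int bit_size = f_code - 1;
    if (val == 0)
        return 0;
    if (val < 0)
        val = -val;
    val--;
    return (val >> bit_size) + 1;
}

/* Bit count for one motion-vector component, or -1 when the index would
 * fall outside len_tab (the read the buggy variant would perform). */
static int motion_length(int val, int f_code, int (*index_fn)(int, int))
{
    int code = index_fn(val, f_code);
    if (code < 0 || code >= TAB_SIZE)
        return -1;
    return len_tab[code] + (code ? 1 + (f_code - 1) : 0);
}

int main(void)
{
    printf("unchecked: index %d, length %d\n", code_index_unchecked(-5, 1),
           motion_length(-5, 1, code_index_unchecked));
    printf("abs:       index %d, length %d\n", code_index_abs(-5, 1),
           motion_length(-5, 1, code_index_abs));
    return 0;
}
```

With the magnitude taken first, a component and its negation report the same length, which is the property a size-only first pass depends on.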