[MPlayer-dev-eng] [PATCH] Memory corruption in vf_tile.c

Evgeniy Stepanov eugeni.stepanov at gmail.com
Thu Apr 27 22:12:54 CEST 2006


When playing
ftp://toro.imec.msu.ru/users/eugeni/1.mkv
with a simple filter (without get_image() and slices support), for example -vf 
tile=1:1, put_image receives images with mpi->h = 360 and chroma_height = 
184. Then, vf_get_image generates an image with chroma_height = 180, and 
memcpy_pic(..., mpi->chroma_height, ...) leads to memory corruption.

The same code is found in vf_expand.c, but I was not able to trigger the bug 
there.

Suggested patch uses mpi->h >> mpi->chroma_y_shift  instead of 
mpi->chroma_height. Is this correct, or the problem lies somewhere else ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chroma_height.patch
Type: text/x-diff
Size: 2001 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20060428/9db22593/attachment.patch>


More information about the MPlayer-dev-eng mailing list