[MPlayer-dev-eng] [PATCH] Memory corruption in vf_tile.c
Guillaume POIRIER
poirierg at gmail.com
Wed Sep 20 07:39:50 CEST 2006
Hi,
On 4/27/06, Evgeniy Stepanov <eugeni.stepanov at gmail.com> wrote:
> When playing
> ftp://toro.imec.msu.ru/users/eugeni/1.mkv
> with a simple filter (without get_image() and slices support), for example -vf
> tile=1:1, put_image receives images with mpi->h = 360 and chroma_height =
> 184. Then, vf_get_image generates an image with chroma_height = 180, and
> memcpy_pic(..., mpi->chroma_height, ...) leads to memory corruption.
>
> The same code is found in vf_expand.c, but I was not able to trigger the bug
> there.
>
> Suggested patch uses mpi->h >> mpi->chroma_y_shift instead of
> mpi->chroma_height. Is this correct, or the problem lies somewhere else ?
Evgeniy, you've got the power to commit this one... is it still needed?
Guillaume
--
With DADVSI (http://en.wikipedia.org/wiki/DADVSI), France finally has
a lead on USA on selling out individuals right to corporations!
Vive la France!
More information about the MPlayer-dev-eng
mailing list