[FFmpeg-cvslog] avcodec/mpegvideo: fix ac/dc_val and coded_block table sizes

Michael Niedermayer git at videolan.org
Fri Jan 3 21:34:00 CET 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Jan  3 20:20:12 2014 +0100| [950fb8acb42f4dab9b1638721992991c0584dbf5] | committer: Michael Niedermayer

avcodec/mpegvideo: fix ac/dc_val and coded_block table sizes

Before this change, interlaced vc1 streams could trigger accesses outside these
tables.

Regression since 017e234c204f8ffb5f85a073231247881be1ac6f
Reproduced with a sample from Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes (again) : 480i30__codec_WVC1__mode_2__framerate_29.970__type_2__preproc_17.SIGFPE.bfa.390.wmv
No releases are affected by this

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=950fb8acb42f4dab9b1638721992991c0584dbf5
---

 libavcodec/mpegvideo.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index cf71784..ccfbe65 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -552,6 +552,9 @@ static int init_duplicate_context(MpegEncContext *s)
     int yc_size = y_size + 2 * c_size;
     int i;
 
+    if (s->mb_height & 1)
+        yc_size += 2*s->b8_stride + 2*s->mb_stride;
+
     s->edge_emu_buffer =
     s->me.scratchpad   =
     s->me.temp         =
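Review bot: The added `yc_size += 2*s->b8_stride + 2*s->mb_stride;` is an unexplained size formula, and it is repeated verbatim in init_context_frame (second hunk), so the two copies have to be kept equal by hand. A comment above the `if` should record the reason from the commit message, for example `/* odd mb_height: interlaced VC-1 may index past the last row, pad the tables */`. Computing the padding once, in a small static helper or a context field, would stop the copies from drifting apart. The function body continues outside the hunk, so the allocations that consume `yc_size` here are not visible and should be checked against the ones in init_context_frame.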
@@ -899,6 +902,9 @@ static int init_context_frame(MpegEncContext *s)
     c_size  = s->mb_stride * (s->mb_height + 1);
     yc_size = y_size + 2   * c_size;
 
+    if (s->mb_height & 1)
+        yc_size += 2*s->b8_stride + 2*s->mb_stride;
+
     FF_ALLOCZ_OR_GOTO(s->avctx, s->mb_index2xy, (s->mb_num + 1) * sizeof(int), fail); // error ressilience code looks cleaner with this
     for (y = 0; y < s->mb_height; y++)
         for (x = 0; x < s->mb_width; x++)
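Review bot: The padding at `yc_size += 2*s->b8_stride + 2*s->mb_stride;` grows only the combined total, so whether each plane gets its own slack depends on how the ac_val/dc_val plane pointers are derived, and that code is outside this hunk. If they are still offset by `y_size` and `c_size`, an access past the last luma row would presumably land in the first chroma plane rather than in the padding. That stays inside the allocation but reads neighbouring-plane data. A comment stating the intent would help, for example `/* padding is appended after the last plane; per-plane offsets are unchanged */`, if that is indeed the intended layout.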
@@ -956,7 +962,7 @@ static int init_context_frame(MpegEncContext *s)
     }
     if (s->out_format == FMT_H263) {
         /* cbp values */
-        FF_ALLOCZ_OR_GOTO(s->avctx, s->coded_block_base, y_size, fail);
+        FF_ALLOCZ_OR_GOTO(s->avctx, s->coded_block_base, y_size + (s->mb_height&1)*2*s->b8_stride, fail);
         s->coded_block = s->coded_block_base + s->b8_stride + 1;
 
         /* cbp, ac_pred, pred_dir */
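Review bot: The size argument `y_size + (s->mb_height&1)*2*s->b8_stride` is a third, differently written form of the odd-height padding that the earlier hunks express as `if (s->mb_height & 1)`. That makes it hard to see that all the tables are padded by the same rule. Naming the value once would help, for example `int cb_pad = (s->mb_height & 1) ? 2 * s->b8_stride : 0;` followed by `y_size + cb_pad` in the allocation, which also shortens the line. The sum is plain `int` arithmetic on stream-derived dimensions, so it relies on the dimension limits enforced elsewhere; those checks are not visible in this hunk. init_context_frame continues beyond the hunk.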


