[FFmpeg-devel] Bugreport: PAFF crashes ffplay, more info than older report, appendix

[Thorsten Jordan]

Hello developers,

more info...

the pointer value of "buf" in draw_edges_mmx is exactly "wrap" larger
than the original value of picture->data[0] when the buffer was
allocated -> array out of bounds.
This means a picture is allocated in utils.c,
avcodec_default_get_buffer() and some addresses are put to
picture->data[0] etc.
when later draw_edges_mmx is called in MPV_frame_end() the address is
suprisingly "wrap" bytes larger (here 752 with the example material).
Why this is and why it happens only with PAFF is a mystery...

-- 
Regards, Thorsten