[FFmpeg-devel] Crash in hpel_motion
Ian McIntosh
ianm
Mon Apr 12 09:15:26 CEST 2010
Hi
I recently came across a video file (that contained rather heavily
corrupted H263 video data) that would crash in libavcodec with an
invalid pointer access in hpel_motion(). The problem was the calculated
src_y was a negative number (-13) and the calculated src_x was a
positive number (500) which resulted in the calculation src_y * stride +
src_x being a negative offset and when added to the pointer src, it
would point to a location outside of the bounds of the allocated memory.
Not 100% sure what the correct manner is to fix this but the attached
patch resolved the problem for me.
Ian
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: negative_motion_vector_patch
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100412/b3756ef0/attachment.asc>
More information about the ffmpeg-devel
mailing list