[FFmpeg-trac] #764(avcodec:new): Increasing robustness of runlength decoding for scantable access in mpeg12.c

FFmpeg trac at avcodec.org
Fri Dec 16 23:31:44 CET 2011 

#764: Increasing robustness of runlength decoding for scantable access in
mpeg12.c
-------------------------------------+-------------------------------------
             Reporter:  erik         |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  normal       |                Component:  avcodec
              Version:  unspecified  |               Resolution:
             Keywords:  mpeg         |               Blocked By:
  robustness                         |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by reimar):

 > It does not crash as the index reaches a maximum value of around 700.

 Where did you get this from? The maximum I get with that sample is 77:
 [mpeg2video @ 0x2c5db40] 3ac-tex damaged at 64 2 67 5
 [mpeg2video @ 0x2c5db40] 3ac-tex damaged at 64 2 67 5
 [mpeg2video @ 0x2c5db40] 3ac-tex damaged at 67 7 77 65
 [mpeg2video @ 0x2c5db40] 3ac-tex damaged at 67 19 66 65
 [mpeg2video @ 0x2c5db40] 2ac-tex damaged at 48 37 65 65

 Output generated by this patch:
 --- a/libavcodec/mpeg12.c
 +++ b/libavcodec/mpeg12.c
 @@ -140,7 +140,7 @@ static inline int
 mpeg1_decode_block_intra(MpegEncContext *s, DCTELEM *block, in
                  }
              }
              if (i > 63) {
 -                av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d
 %d\n", s->mb_x, s->mb_y);
 +                av_log(s->avctx, AV_LOG_ERROR, "0ac-tex damaged at %d %d
 %d %d\n", s->mb_x, s->mb_y, i, run);
                  return -1;
              }

 @@ -215,7 +215,7 @@ static inline int
 mpeg1_decode_block_inter(MpegEncContext *s, DCTELEM *block, in
                  }
              }
              if (i > 63) {
 -                av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d
 %d\n", s->mb_x, s->mb_y);
 +                av_log(s->avctx, AV_LOG_ERROR, "1ac-tex damaged at %d %d
 %d %d\n", s->mb_x, s->mb_y, i, run);
                  return -1;
              }

 @@ -363,7 +363,7 @@ static inline int
 mpeg2_decode_block_non_intra(MpegEncContext *s, DCTELEM *block
                  }
              }
              if (i > 63) {
 -                av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d
 %d\n", s->mb_x, s->mb_y);
 +                av_log(s->avctx, AV_LOG_ERROR, "2ac-tex damaged at %d %d
 %d %d\n", s->mb_x, s->mb_y, i, run);
                  return -1;
              }

 @@ -508,7 +508,7 @@ static inline int
 mpeg2_decode_block_intra(MpegEncContext *s, DCTELEM *block, in
                  }
              }
              if (i > 63) {
 -                av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d
 %d\n", s->mb_x, s->mb_y);
 +                av_log(s->avctx, AV_LOG_ERROR, "3ac-tex damaged at %d %d
 %d %d\n", s->mb_x, s->mb_y, i, run);
                  return -1;
              }

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/764#comment:11>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list