[Ffmpeg-devel] [BUG] Segfault in h264 decoder on corrupt input
Michael Niedermayer
michaelni
Thu Mar 15 19:16:02 CET 2007
Hi
On Thu, Mar 15, 2007 at 03:07:19PM +0100, Matthias Hopf wrote:
> On Mar 14, 07 15:58:44 +0100, Panagiotis Issaris wrote:
> > The commandline used to cause the crash:
> > ffplay_g -stats pi-20070314T154046-ffmpeg-ffplay_crash.h264
> > Input #0, h264, from 'pi-20070314T154046-ffmpeg-ffplay_crash.h264':
> > Duration: N/A, bitrate: N/A
> > Stream #0.0: Video: h264, yuv420p, 320x240, 25.00 fps(r)
> > [h264 @ 0x847a2dc]negative number of zero coeffs at 13 5
> > ...
> > [h264 @ 0x847a2dc]decode_slice_header error
> > [h264 @ 0x847a2dc]concealing 300 DC, 300 AC, 300 MV errors
> > Segmentation fault (core dumped)
>
> The attached patch *might* also fix this one. Please test.
> But don't hold your breath.
[...]
> Index: h264.c
> ===================================================================
> --- h264.c (revision 8408)
> +++ h264.c (working copy)
> @@ -4659,8 +4659,9 @@
> s->picture_structure= PICT_FRAME;
> }else{
> if(get_bits1(&s->gb)) { //field_pic_flag
> - s->picture_structure= PICT_TOP_FIELD + get_bits1(&s->gb); //bottom_field_flag
> + //s->picture_structure= PICT_TOP_FIELD + get_bits1(&s->gb); //bottom_field_flag
> av_log(h->s.avctx, AV_LOG_ERROR, "PAFF interlacing is not implemented\n");
> + return -1;
> } else {
ok
> s->picture_structure= PICT_FRAME;
> h->mb_aff_frame = h->sps.mb_aff;
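Review bot: The old `s->picture_structure=` assignment in the field_pic_flag branch is left behind as a commented-out line. Since the branch now always ends in `return -1`, delete the line rather than commenting it out, and keep the `//field_pic_flag` note on the `if`. With the assignment gone, `s->picture_structure` keeps whatever value it held before this header on the error path, so a short comment that callers must not rely on it after a -1 return would help.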
> @@ -4716,8 +4717,10 @@
> if(h->slice_type == P_TYPE || h->slice_type == SP_TYPE || h->slice_type == B_TYPE){
> if(h->slice_type == B_TYPE){
> h->direct_spatial_mv_pred= get_bits1(&s->gb);
> - if(h->sps.mb_aff && h->direct_spatial_mv_pred)
> + if(h->sps.mb_aff && h->direct_spatial_mv_pred){
> av_log(h->s.avctx, AV_LOG_ERROR, "MBAFF + spatial direct mode is not implemented\n");
> + return -1;
> + }
> }
ok
> num_ref_idx_active_override_flag= get_bits1(&s->gb);
>
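Review bot: In the B_TYPE branch the new `return -1` runs after `h->direct_spatial_mv_pred` has already been overwritten from the bitstream, so the context keeps the rejected value when the function bails out. Either read the bit into a local and assign it only once the MBAFF check has passed, or make sure nothing reads `h->direct_spatial_mv_pred` after a failed header.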
> @@ -8175,7 +8178,7 @@
>
> if(decode_slice_header(h) < 0){
> av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
> - break;
> + return -1;
> }
> s->current_picture_ptr->key_frame= (h->nal_unit_type == NAL_IDR_SLICE);
> if(h->redundant_pic_count==0 && s->hurry_up < 5
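Review bot: Replacing `break` with `return -1` in the `decode_slice_header(h) < 0` branch changes more than the error path needs. The `break` already skipped the `key_frame` assignment and the `redundant_pic_count` check that follow, while `return -1` leaves the enclosing function entirely, so nothing after this point in it runs for the rest of the input. If the crash comes from a later use of state that the failed header left behind, guard that use instead, and name the faulting access in the commit message.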
not ok
> @@ -8193,6 +8196,7 @@
>
> if(decode_slice_header(h) < 0){
> av_log(h->s.avctx, AV_LOG_ERROR, "decode_slice_header error\n");
> + return -1;
> }
> break;
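Review bot: In this branch the failure case previously only logged and then reached the same `break;` as the success case, so the added `return -1` turns a logged-and-continued error into an exit from the whole function. That is the same broad exit as in the preceding hunk of this patch; keep the path to `break;` and fix whatever consumes the half-parsed header state, or document why aborting here is required.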
not ok
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato