[FFmpeg-devel] [PATCH][issue2079] ffplay: segfault if coded video WxH dimension larger than desktop
Michael Niedermayer
michaelni
Mon Aug 16 15:37:59 CEST 2010
On Sun, Aug 15, 2010 at 11:58:14AM -0400, Mike Scheutzow wrote:
> Michael Niedermayer wrote:
>> i see no patch in this thread nor a [patch] in the subj
>> also don't forget our patch checklist patcheck and an explanation of
>> why and how and what
>
> These patches are for issue2079.
>
> Multiple users have reported a segfault in ffplay when they attempt to play
> a high definition video stream.
>
> The cause of the segfault is a buffer overrun when FFmpeg code is copying
> pixel data into a buffer allocated by SDL_CreateYUVOverlay. The behavior of
> SDL_CreateYUVOverlay is to allocate the requested size when possible, or
> the largest overlay size supported by the underlying video driver and
> hardware.
>
> The problem is that the ffplay code assumes that a buffer of the requested
> size was allocated.
>
> move-funcs-v1.patch moves two existing functions to avoid a forward
> declaration in the 2nd patch.
>
> issue2079-avoid-segfault-v2.patch checks if SDL allocated a buffer smaller
> than requested, and exits the application with a message if it did.
>
> tools/patcheck has been run on both patches.
>
> --
> Mike Scheutzow
>
>
>
> ffplay.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
> 482c1c73d3833f86edfcfda9a80c77fefe825d59 issue2079-avoid-segfault-v2.patch
> Index: ffplay.c
> @@ -1319,6 +1374,14 @@
> vp->bmp = SDL_CreateYUVOverlay(vp->width, vp->height,
> SDL_YV12_OVERLAY,
> screen);
> + if (!vp->bmp || vp->bmp->pitches[0] < vp->width) {
> + /* SDL allocates a buffer smaller than requested if the video
> + * overlay hardware is unable to support the requested size. */
> + fprintf(stderr, "Error: the video system does not support an image\n"
> + "size of %dx%d pixels. Try using -vf \"scale=w:h\"\n"
> + "to reduce the image size.\n", vp->width, vp->height );
> + do_exit();
> + }
>
> SDL_LockMutex(is->pictq_mutex);
> vp->allocated = 1;
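
Review bot: the added condition after the SDL_CreateYUVOverlay call compares only pitches[0] with vp->width, so the luma row length is the only property of the returned overlay that gets verified; the chroma pitches (pitches[1], pitches[2]) and the number of rows actually allocated are never compared with the request. If the driver can also hand back fewer rows than vp->height, the later copy can still run past the buffer, so either extend the condition to cover height and the chroma planes or state in the comment why the luma pitch alone is sufficient. The !vp->bmp case shares the "does not support an image size" text although a NULL overlay may be a different failure, so a separate message for it would be clearer. Style: drop the space before the closing parenthesis in "vp->height );".
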
> ffplay.c | 109 +++++++++++++++++++++++++++++++--------------------------------
> 1 file changed, 55 insertions(+), 54 deletions(-)
> c5091fc2894feaeaa02c064f838c058ba4328ac0 move-funcs-v1.patch
both look ok
also a suggestion for lowres should be there
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I hate to see young programmers poisoned by the kind of thinking
Ulrich Drepper puts forward since it is simply too narrow -- Roman Shaposhnik
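
The overrun described in the quoted explanation, shown as an added example that is not code from this thread or from ffplay: a planar YV12 copy that checks what was actually allocated, on every plane, before writing. The struct overlay type, overlay_fits(), copy_frame() and demo() are hypothetical names, and the 8x4 frame is constructed sample data.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the fields of an SDL-style YV12 overlay that
 * matter here; this is not SDL's own type. */
struct overlay {
    int h;               /* luma rows actually allocated */
    int pitches[3];      /* bytes per row actually allocated: Y, V, U */
    uint8_t *pixels[3];
};

/* Return 1 only if every plane can hold a w x h YV12 frame. Chroma is
 * subsampled 2x2 (rounded up), so enough luma rows implies enough chroma rows. */
static int overlay_fits(const struct overlay *ov, int w, int h)
{
    if (!ov || w <= 0 || h <= 0 || ov->h < h)
        return 0;
    for (int i = 0; i < 3; i++) {
        int need = i ? (w + 1) / 2 : w;
        if (!ov->pixels[i] || ov->pitches[i] < need)
            return 0;
    }
    return 1;
}

/* Copy a frame, refusing (-1) instead of writing past a too-small overlay. */
static int copy_frame(struct overlay *ov, uint8_t *const src[3],
                      const int src_pitch[3], int w, int h)
{
    if (!overlay_fits(ov, w, h))
        return -1;
    for (int i = 0; i < 3; i++) {
        int cols = i ? (w + 1) / 2 : w, rows = i ? (h + 1) / 2 : h;
        for (int y = 0; y < rows; y++)
            memcpy(ov->pixels[i] + (size_t)y * ov->pitches[i],
                   src[i] + (size_t)y * src_pitch[i], (size_t)cols);
    }
    return 0;
}

/* Constructed demo: 8x4 frame into an overlay allocated as alloc_w x alloc_h
 * (alloc_w <= 16). Returns the first copied luma byte, or -1 if refused. */
static int demo(int alloc_w, int alloc_h)
{
    static uint8_t y[8 * 4], v[4 * 2], u[4 * 2], dst[3][16 * 4];
    uint8_t *const src[3] = { y, v, u };
    const int src_pitch[3] = { 8, 4, 4 }, cw = (alloc_w + 1) / 2;
    struct overlay ov = { alloc_h, { alloc_w, cw, cw }, { dst[0], dst[1], dst[2] } };
    memset(y, 0x55, sizeof(y));
    return copy_frame(&ov, src, src_pitch, 8, 4) == 0 ? dst[0][0] : -1;
}
```
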