[FFmpeg-devel] [PATCH] Fix interlaced MPEG2 decoder crash (issue2367)
Anatoly Nenashev
anatoly.nenashev
Thu Dec 23 00:16:21 CET 2010
Hi!
Full problem description is available at https://roundup.ffmpeg.org/issue2367.
After some research I've found that the sample file (exploit.bin) conflicts
with the specification in the following lines:
"In the case that a P field picture is used as the second field of a
frame in which the first field is an I field picture a series of
semantic restrictions apply. These ensure that prediction is only made
from the I field picture. These restrictions are;
- There shall be no macroblocks that are coded with
  macroblock_motion_forward zero and macroblock_intra zero.
- Dual prime prediction shall not be used.
- Field prediction in which motion_vertical_field_select indicates the
  same parity as the field being predicted shall not be used.
- There shall be no skipped macroblocks."
So it looks like the first and third restrictions are broken in the sample file.
The attached patch contains a check for this situation.
Regards,
Anatoly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: interlaced_mpeg.patch
Type: text/x-patch
Size: 854 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101223/d8be6b57/attachment.bin>
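
The four restrictions quoted in the message above, written out as a per-macroblock validity check. This is an added example, not the scrubbed patch and not FFmpeg's code; the struct, enums and function name are hypothetical, and the macroblocks in main() are constructed sample input.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified macroblock description (not FFmpeg's structures). */
enum parity { TOP_FIELD = 0, BOTTOM_FIELD = 1 }; /* same coding as motion_vertical_field_select */
enum pred { PRED_FIELD, PRED_16X8, PRED_DUAL_PRIME };
enum violation { MB_OK, V_NO_FORWARD_NON_INTRA, V_DUAL_PRIME, V_SAME_PARITY, V_SKIPPED };

struct mb_info {
    bool skipped;
    bool macroblock_intra;
    bool macroblock_motion_forward;
    enum pred prediction;
    int field_select[2]; /* motion_vertical_field_select, one per vector */
};

/* Validate one macroblock of a P field picture that is the second field of a
 * frame whose first field is an I field picture. 'current' is the parity of
 * the field being predicted. Returns the first restriction violated. */
enum violation check_p_after_i(const struct mb_info *mb, enum parity current)
{
    if (mb->skipped)
        return V_SKIPPED;
    if (mb->macroblock_intra)
        return MB_OK; /* intra macroblocks use no prediction */
    if (!mb->macroblock_motion_forward)
        return V_NO_FORWARD_NON_INTRA;
    if (mb->prediction == PRED_DUAL_PRIME)
        return V_DUAL_PRIME;
    int vectors = (mb->prediction == PRED_16X8) ? 2 : 1; /* 16x8 MC carries two */
    for (int i = 0; i < vectors; i++)
        if (mb->field_select[i] == (int)current)
            return V_SAME_PARITY; /* would not predict from the I field */
    return MB_OK;
}

int main(void)
{
    /* Constructed macroblocks for a bottom-field P picture after a top-field I picture. */
    struct mb_info ok = { false, false, true, PRED_FIELD, { TOP_FIELD, 0 } };
    struct mb_info bad1 = { false, false, false, PRED_FIELD, { TOP_FIELD, 0 } };
    struct mb_info bad3 = { false, false, true, PRED_16X8, { TOP_FIELD, BOTTOM_FIELD } };
    printf("%d %d %d\n", check_p_after_i(&ok, BOTTOM_FIELD),
           check_p_after_i(&bad1, BOTTOM_FIELD), check_p_after_i(&bad3, BOTTOM_FIELD));
    return 0;
}
```

A decoder that runs such a check while parsing can reject the picture before motion compensation touches a reference other than the I field.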