[FFmpeg-devel] [PATCH] mpegvideo: validate block_last_index before dct_unquantize_intra

Sat Dec 19 18:13:37 CET 2015

If it is negative, it triggers the assertion in
dct_unquantize_h263_intra.

This is somehow related to the second hunk of commit 9251942: reverting
that prevents these crashes, but breaks the sample from ticket 302.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---

Note that the sample from ticket 302 is currently broken anyway, printing
lots of "slice end not reached but screenspace end" errors.
This still works fine with ffmpeg 2.8.

---
 libavcodec/mpegvideo.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index 6d9e265..e8e54ff 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -2402,6 +2402,10 @@ unhandled:
 static inline void put_dct(MpegEncContext *s,
                            int16_t *block, int i, uint8_t *dest, int line_size, int qscale)
 {
+    if (s->block_last_index[i] < 0) {
+        av_log(s->avctx, AV_LOG_WARNING, "Invalid block_last_index in put_dct.\n");
+        return;
+    }
     s->dct_unquantize_intra(s, block, i, qscale);
     s->idsp.idct_put(dest, line_size, block);
 }
-- 
2.6.2
