[MPlayer-users] Bug: mp_image_allocate_planes does not allocate enough memory for YV12 images

Thu Jul 24 17:00:06 CEST 2014

I have recently updated to the newest SVN mplayer from a very old
version (built in late 2011), and mplayer crashes on about half of the
videos I tried it with. GDB showed most of the crashes happened during
malloc, so suspecting heap corruption, I ran it in valgrind, and it
detected an invalid write in copy_mpi (libmpcodecs/mp_image.c). I
found that doubling the size of the allocation on line 41, the problem
went away. Obviously, this is not a proper solution, but it does
confirm that there is something wrong with either the buffer size or
the calculations of where the plane pointers are in the image.

--- mplayer-export-2011-12-19/libmpcodecs/mp_image.c    2011-11-22
13:31:29.000000000 -0600
+++ mplayer-svn/libmpcodecs/mp_image.c    2014-07-24 09:36:49.789333161 -0500
@@ -36,11 +36,11 @@
   // IF09 - allocate space for 4. plane delta info - unused
   if (mpi->imgfmt == IMGFMT_IF09) {
     mpi->planes[0]=av_malloc(mpi->bpp*mpi->width*(mpi->height+2)/8+
                             mpi->chroma_width*mpi->chroma_height);
   } else
-    mpi->planes[0]=av_malloc(mpi->bpp*mpi->width*(mpi->height+2)/8);
+    mpi->planes[0]=av_malloc(2*(mpi->bpp*mpi->width*(mpi->height+2)/8));
   if (mpi->flags&MP_IMGFLAG_PLANAR) {
     int bpp = IMGFMT_IS_YUVP16(mpi->imgfmt)? 2 : 1;
     // YV12/I420/YVU9/IF09. feel free to add other planar formats here...
     mpi->stride[0]=mpi->stride[3]=bpp*mpi->width;
     if(mpi->num_planes > 2){
