Commit cf713bb8 authored by Michael Niedermayer

fix mpeg1/2 decoding if there are no 0 bytes after the bitstream

support printing mpeg1/2 startcodes

Originally committed as revision 1919 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent 701b603d
...@@ -118,8 +118,11 @@ enum SampleFormat { ...@@ -118,8 +118,11 @@ enum SampleFormat {
#define AVCODEC_MAX_AUDIO_FRAME_SIZE 131072 #define AVCODEC_MAX_AUDIO_FRAME_SIZE 131072
/** /**
* Required number of zero bytes at the end of the input bitstream for decoding. * Required number of additionally allocated bytes at the end of the input bitstream for decoding.
* to avoid overreading (and possibly segfaulting) * this is mainly needed because some optimized bitstream readers read
* 32 or 64 bit at once and could read over the end<br>
* Note, if the first 23 bits of the additional bytes are not 0 then damaged
* MPEG bitstreams could cause overread and segfault
*/ */
#define FF_INPUT_BUFFER_PADDING_SIZE 8 #define FF_INPUT_BUFFER_PADDING_SIZE 8
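Review bot: The rewritten comment on FF_INPUT_BUFFER_PADDING_SIZE describes a memory-safety requirement but never says that the caller is the one who must meet it, and it mentions zeroing only as a trailing note. Since the note itself says non-zero padding can let a damaged MPEG bitstream cause an overread, the obligation should be stated directly, for example `* The caller must allocate this many bytes beyond the end of the input data and should set them to 0.` It would also help to say that the padding bytes are not counted in the size passed to the decoder, if that is the intended contract; the page does not show it, so this needs confirming.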
......
...@@ -1934,6 +1934,17 @@ static int mpeg_decode_slice(AVCodecContext *avctx, ...@@ -1934,6 +1934,17 @@ static int mpeg_decode_slice(AVCodecContext *avctx,
s->mb_x = 0; s->mb_x = 0;
s->mb_y++; s->mb_y++;
if(s->mb_y<<field_pic >= s->mb_height){
int left= s->gb.size_in_bits - get_bits_count(&s->gb);
if(left < 0 || (left && show_bits(&s->gb, FFMIN(left, 23)))
|| (avctx->error_resilience >= FF_ER_AGGRESSIVE && left>8)){
fprintf(stderr, "end missmatch left=%d\n", left);
return -1;
}else
goto eos;
}
} }
/* skip mb handling */ /* skip mb handling */
...@@ -1963,10 +1974,6 @@ static int mpeg_decode_slice(AVCodecContext *avctx, ...@@ -1963,10 +1974,6 @@ static int mpeg_decode_slice(AVCodecContext *avctx,
} }
} }
} }
if(s->mb_y<<field_pic >= s->mb_height){
fprintf(stderr, "slice too long\n");
return -1;
}
} }
eos: // end of slice eos: // end of slice
*buf += get_bits_count(&s->gb)/8 - 1; *buf += get_bits_count(&s->gb)/8 - 1;
...@@ -2249,8 +2256,13 @@ static int mpeg_decode_frame(AVCodecContext *avctx, ...@@ -2249,8 +2256,13 @@ static int mpeg_decode_frame(AVCodecContext *avctx,
return FFMAX(0, buf_ptr - buf - s2->parse_context.last_index); return FFMAX(0, buf_ptr - buf - s2->parse_context.last_index);
} }
/* prepare data for next start code */
input_size = buf_end - buf_ptr; input_size = buf_end - buf_ptr;
if(avctx->debug & FF_DEBUG_STARTCODE){
printf("%3X at %d left %d\n", start_code, buf_ptr-buf, input_size);
}
/* prepare data for next start code */
switch(start_code) { switch(start_code) {
case SEQ_START_CODE: case SEQ_START_CODE:
mpeg1_decode_sequence(avctx, buf_ptr, mpeg1_decode_sequence(avctx, buf_ptr,
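Review bot: In the new FF_DEBUG_STARTCODE branch of mpeg_decode_frame, `buf_ptr-buf` appears to be a pointer difference (ptrdiff_t) passed to a `%d` conversion, which is undefined behaviour on targets where ptrdiff_t is wider than int. Cast it explicitly: `printf("%3X at %d left %d\n", start_code, (int)(buf_ptr-buf), input_size);`. The declarations of start_code and input_size are outside the hunk, so their match with `%3X` and `%d` should be checked as well. The new end-of-slice check in mpeg_decode_slice reports through `fprintf(stderr, ...)` while this line writes to stdout; using stderr here too would keep debug text out of any decoded data the application pipes through stdout. mpeg_decode_frame's body continues outside the hunk.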
......