On Tue, May 05, 2015 at 10:39:50PM +0200, Andreas Cadhalpun wrote:
> In init_planes p->xblen and p->yblen are set to:
> p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
> p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
>
> These are later used as block_w and block_h arguments of
> s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
> in emulated_edge_mc:
> av_assert2(start_x < end_x && block_w > 0);
> av_assert2(start_y < end_y && block_h > 0);
>
> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
> ---
> libavcodec/diracdec.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
> index adbe331..98f2ea9 100644
> --- a/libavcodec/diracdec.c
> +++ b/libavcodec/diracdec.c
> @@ -902,6 +902,10 @@ static int
> dirac_unpack_prediction_parameters(DiracContext *s)
> /*[DIRAC_STD] 11.2.4 motion_data_dimensions()
> Calculated in function dirac_unpack_block_motion_data */
>
> + if (s->plane[0].xblen >> s->chroma_x_shift <= 0 || s->plane[0].yblen >>
> s->chroma_y_shift <= 0) {
> + av_log(s->avctx, AV_LOG_ERROR, "Block length too small\n");
> + return -1;
> + }a broader check is possible the spec says "Frame height shall be an integer multiple of picture chroma height." in 10.5.1 ive not found an equivalent for width but from rounding the chroma width down i doubt that the spec intends to allow non multiplies for the width [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Breaking DRM is a little like attempting to break through a door even though the window is wide open and the only thing in the house is a bunch of things you dont want and which you would get tomorrow for free anyway
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
