Stefano Sabatini <[EMAIL PROTECTED]> added the comment:
And the problem is...
When allocating the visualization buffers in MPV_common_init we use these
expressions:
    s->visualization_buffer[0] = av_malloc((s->mb_width*16 + 2*EDGE_WIDTH) *
                                           s->mb_height*16 + 2*EDGE_WIDTH);
    s->visualization_buffer[1] = av_malloc((s->mb_width*8 + EDGE_WIDTH) *
                                           s->mb_height*8 + EDGE_WIDTH);
    s->visualization_buffer[2] = av_malloc((s->mb_width*8 + EDGE_WIDTH) *
                                           s->mb_height*8 + EDGE_WIDTH);
These values are, at least in my case, less than the values used when copying
data in ff_print_debug_info:
    memcpy(s->visualization_buffer[i], pict->data[i], (i==0) ?
           pict->linesize[i]*height:pict->linesize[i]*height >> v_chroma_shift);
which results in a buffer overflow.
A naive fix would be to use the values in ff_print_debug_info() in
MPV_common_init, but I'm not sure about this solution (well, I really cannot
understand the expressions in MPV_common_init), maybe I'll send a patch to
ffmpeg-devel...
______________________________________________________
FFmpeg issue tracker <[EMAIL PROTECTED]>
<https://roundup.mplayerhq.hu/roundup/ffmpeg/issue471>
______________________________________________________
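
The size mismatch reported above, as an added example that is not part of the original comment or of FFmpeg's code: it evaluates the two quoted size expressions side by side and reports how many bytes the memcpy would write past the allocation. The function names, EDGE_WIDTH = 16, the 22x18 macroblock frame and the linesize values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define EDGE_WIDTH 16 /* assumed value; the report does not state it */

/* Bytes allocated for a plane, per the MPV_common_init expressions quoted above. */
static size_t vis_alloc_size(int plane, int mb_width, int mb_height)
{
    if (plane == 0)
        return (size_t)(mb_width * 16 + 2 * EDGE_WIDTH) * mb_height * 16 + 2 * EDGE_WIDTH;
    return (size_t)(mb_width * 8 + EDGE_WIDTH) * mb_height * 8 + EDGE_WIDTH;
}

/* Bytes copied into a plane, per the ff_print_debug_info memcpy quoted above. */
static size_t vis_copy_size(int plane, int linesize, int height, int v_chroma_shift)
{
    size_t n = (size_t)linesize * height;
    return plane == 0 ? n : n >> v_chroma_shift;
}

/* Bytes the copy would write past the allocation; 0 when it fits. */
static size_t vis_overrun(int plane, int mb_width, int mb_height,
                          int linesize, int height, int v_chroma_shift)
{
    size_t have = vis_alloc_size(plane, mb_width, mb_height);
    size_t want = vis_copy_size(plane, linesize, height, v_chroma_shift);
    return want > have ? want - have : 0;
}

int main(void)
{
    /* Constructed cases: 352x288 frame (22x18 macroblocks), various strides. */
    struct { int plane, linesize, shift; const char *what; } c[] = {
        { 0, 384, 1, "luma, stride = width + 2*EDGE_WIDTH" },
        { 0, 416, 1, "luma, stride padded beyond that" },
        { 1, 192, 1, "chroma, vertically subsampled" },
        { 1, 192, 0, "chroma, no vertical subsampling" },
    };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("%-38s alloc=%zu copy=%zu overrun=%zu\n", c[i].what,
               vis_alloc_size(c[i].plane, 22, 18),
               vis_copy_size(c[i].plane, c[i].linesize, 288, c[i].shift),
               vis_overrun(c[i].plane, 22, 18, c[i].linesize, 288, c[i].shift));
    return 0;
}
```

With these constructed inputs the copy fits only when the picture stride matches the width assumed at allocation time and chroma is vertically subsampled; a wider stride or v_chroma_shift of 0 makes the copy length exceed the buffer.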