Module: libav Branch: release/9 Commit: f4773e5b37875e3c261540857bf2fb90327fc6aa
Author: Anton Khirnov <[email protected]> Committer: Sean McGovern <[email protected]> Date: Sat Dec 17 17:04:55 2016 +0100 mpeg12: move setting first_field to mpeg_field_start() For field picture, the first_field is set based on its previous value. Before this commit, first_field is set when reading the picture coding extension. However, in corrupted files there may be multiple picture coding extension headers, so the final value of first_field that is actually used during decoding can be wrong. That can lead to various undefined behaviour, like predicting from a non-existing field. Fix this problem, by setting first_field in mpeg_field_start(), which should be called exactly once per field. CC: [email protected] Bug-ID: 999 (cherry picked from commit c2fa6bb0e8703a7a6aa10e11f9ab36094416d83f) Signed-off-by: Sean McGovern <[email protected]> --- libavcodec/mpeg12.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index a49828e..a0a68e7 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -1546,10 +1546,8 @@ static void mpeg_decode_picture_coding_extension(Mpeg1Context *s1) } if (s->picture_structure == PICT_FRAME) { - s->first_field = 0; s->v_edge_pos = 16 * s->mb_height; } else { - s->first_field ^= 1; s->v_edge_pos = 8 * s->mb_height; memset(s->mbskip_table, 0, s->mb_stride * s->mb_height); } @@ -1579,6 +1577,11 @@ static int mpeg_field_start(MpegEncContext *s, const uint8_t *buf, int buf_size) AVCodecContext *avctx = s->avctx; Mpeg1Context *s1 = (Mpeg1Context*)s; + if (s->picture_structure == PICT_FRAME) + s->first_field = 0; + else + s->first_field ^= 1; + /* start frame decoding */ if (s->first_field || s->picture_structure == PICT_FRAME) { if (ff_MPV_frame_start(s, avctx) < 0) _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
