[libav-bugs] [Bug 999] crash when performing motion compensation on a macroblock with no height

bugzilla at libav.org bugzilla at libav.org
Sun Dec 11 16:55:44 CET 2016


https://bugzilla.libav.org/show_bug.cgi?id=999

--- Comment #1 from Sean McGovern <gseanmcg at gmail.com> ---
I configured with: 

/src/libav/configure --prefix=/build/libav-clang/install --enable-gpl
--disable-asm --disable-vdpau --cc=/usr/bin/clang-3.8
--extra-cflags='-fsanitize=undefined' --extra-ldflags='-fsanitize=undefined'
--extra-ldexeflags='-fsanitize=undefined'

I specifically disabled assembly to remove it from the equation.

This caused the sample from bug 981 to crash with a segmentation fault at
libavcodec/pel_template.c:78 in put_pixels8_8_c(...) due to the pixels array
being null.

Tracing it back, the most useful place I get to is a call to
mpeg_decode_slice(...) in decode_chunks(...) at libavcodec/mpeg12dec.c:2551
where mb_y is 0.

Is it meaningless to even attempt to decode a slice with no height?

(as an aside, the condition inside the if at libavcodec/mpeg12dec.c:2535 does
not check if threshold and mb_y are both 0 -- again at which time it does not
seem sensible to continue. Is this a separate bug?)
