From 0e5dbaf40f975ab1ad4c199c007e908037d3e356 Mon Sep 17 00:00:00 2001 From: Ronald S. Bultje Date: Mon, 3 Oct 2011 08:38:03 -0700 Subject: [PATCH 1/2] mpegvideo: set correct offset for edge emulation buffer. Using the old code, half of it was unused and the other half was too small for e.g. >8bpp interlaced data, causing random buffer overruns. --- libavcodec/mpegvideo.c | 6 ++---- libavcodec/mpegvideo.h | 1 - 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c index baab3c8..b8ac2ce 100644 --- a/libavcodec/mpegvideo.c +++ b/libavcodec/mpegvideo.c @@ -377,8 +377,7 @@ static int init_duplicate_context(MpegEncContext *s, MpegEncContext *base){ int i; // edge emu needs blocksize + filter length - 1 (=17x17 for halfpel / 21x21 for h264) - FF_ALLOCZ_OR_GOTO(s->avctx, s->allocated_edge_emu_buffer, (s->width+64)*2*21*2, fail); //(width + edge + align)*interlaced*MBsize*tolerance - s->edge_emu_buffer= s->allocated_edge_emu_buffer + (s->width+64)*2*21; + FF_ALLOCZ_OR_GOTO(s->avctx, s->edge_emu_buffer, (s->width+64)*2*21*2, fail); //(width + edge + align)*interlaced*MBsize*tolerance //FIXME should be linesize instead of s->width*2 but that is not known before get_buffer() FF_ALLOCZ_OR_GOTO(s->avctx, s->me.scratchpad, (s->width+64)*4*16*2*sizeof(uint8_t), fail) @@ -416,7 +415,7 @@ fail: static void free_duplicate_context(MpegEncContext *s){ if(s==NULL) return; - av_freep(&s->allocated_edge_emu_buffer); s->edge_emu_buffer= NULL; + av_freep(&s->edge_emu_buffer); av_freep(&s->me.scratchpad); s->me.temp= s->rd_scratchpad= @@ -433,7 +432,6 @@ static void free_duplicate_context(MpegEncContext *s){ static void backup_duplicate_context(MpegEncContext *bak, MpegEncContext *src){ #define COPY(a) bak->a= src->a - COPY(allocated_edge_emu_buffer); COPY(edge_emu_buffer); COPY(me.scratchpad); COPY(me.temp); diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index 923d46c..78d4d4e 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -319,7 +319,6 @@ typedef struct MpegEncContext { uint8_t *mbintra_table; ///< used to avoid setting {ac, dc, cbp}-pred stuff to zero on inter MB decoding uint8_t *cbp_table; ///< used to store cbp, ac_pred for partitioned decoding uint8_t *pred_dir_table; ///< used to store pred_dir for partitioned decoding - uint8_t *allocated_edge_emu_buffer; uint8_t *edge_emu_buffer; ///< points into the middle of allocated_edge_emu_buffer uint8_t *rd_scratchpad; ///< scratchpad for rate distortion mb decision uint8_t *obmc_scratchpad; -- 1.7.2.1