Hi,

On Sat, Feb 18, 2012 at 7:10 AM, Justin Ruggles <[email protected]> wrote:
> On 02/17/2012 07:27 PM, Ronald S. Bultje wrote:
>
>> From: "Ronald S. Bultje" <[email protected]>
>>
>> Return 0 indicates "please return the same data again", i.e. it causes
>> an infinite loop. Instead, return that we consumed the buffer if we
>> finished decoding successfully, or return an error if an error occurred.
>>
>> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
>> CC: [email protected]
>> ---
>> libavcodec/mjpegbdec.c | 4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
> [...]
>> @@ -149,7 +149,7 @@ read_header:
>> picture->quality*= FF_QP2LAMBDA;
>> }
>>
>> - return buf_ptr - buf;
>> + return buf_size;
>
>
> This change assumes there can never be multiple frames in a packet. If
> that's true for mjpegb, the patch looks fine.
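Review bot: returning `buf_size` unconditionally at the end of `read_header` bakes in the one-frame-per-packet assumption without saying so; any trailing bytes after the frame would now be silently discarded instead of decoded, whereas the old `buf_ptr - buf` could evaluate to 0 and stall the caller. Suggest a one-line comment next to `return buf_size;` stating that an mjpegb packet holds a single frame (at most two fields), so nobody later "restores" the pointer difference. The commit message also promises a negative return on failure, but only the success-path change is quoted here while the diffstat shows two changed lines; please confirm the unquoted change covers the error path so no failure can still fall through to a zero return.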
I believe that's true for all video codecs. In this particular case, what
you'll see is that buf_ptr is initialized to buf (i.e. the start) and never
updated, except when the frame contains two fields, in which case it is set
to the start of the second field before a second run through the whole code.
Therefore, buf_ptr is either the start of the frame or the start of the
second field, but never the end of the buffer, which is obviously a bug.

Ronald
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
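The consumed-bytes contract discussed in this thread, as an added example that is not libav code: a hypothetical decoder pair (`decode_frame_before`, which mirrors the never-advanced `buf_ptr`, and `decode_frame_after`, which returns `buf_size`) driven by a hypothetical packet loop `drain_packet`. It shows why a zero return makes a naive caller spin, and the caller-side guard that refuses to make no progress; `LOOP_CAP` is a demo bound standing in for an unbounded loop.

```c
#include <stdint.h>

/* Decoder callback: returns bytes consumed (> 0) or a negative error code. */
typedef int (*decode_fn)(const uint8_t *buf, int buf_size);

/* Before the patch: buf_ptr starts at buf and is only ever moved to the start
 * of a second field, never past the data, so buf_ptr - buf is 0 here. */
static int decode_frame_before(const uint8_t *buf, int buf_size)
{
    const uint8_t *buf_ptr = buf;     /* hypothetical: never advanced */
    (void)buf_size;
    return (int)(buf_ptr - buf);      /* 0 == "hand me the same data again" */
}

/* After the patch: one frame per packet, so report the whole packet consumed. */
static int decode_frame_after(const uint8_t *buf, int buf_size)
{
    (void)buf;
    return buf_size;
}

#define LOOP_CAP 1000   /* stands in for "forever" so the demo terminates */

/* Packet loop in the style of a decode driver.  Returns frames decoded, -1 on
 * a decoder error (or, with guard_zero set, on a zero return, i.e. no
 * progress), or -2 if the loop hit LOOP_CAP: the real caller would hang. */
static int drain_packet(decode_fn decode, const uint8_t *pkt, int pkt_size,
                        int guard_zero)
{
    int frames = 0, iter = 0;
    while (pkt_size > 0) {
        int used;
        if (iter++ == LOOP_CAP)
            return -2;
        used = decode(pkt, pkt_size);
        if (used < 0)
            return -1;
        if (used == 0) {
            if (guard_zero)
                return -1;            /* hardened caller refuses to spin */
            continue;                 /* naive caller: same data, again */
        }
        pkt      += used;
        pkt_size -= used;
        frames++;
    }
    return frames;
}
```

With the pre-patch decoder the unguarded loop only stops because of `LOOP_CAP`; the guarded loop reports the stall as an error, and the patched decoder drains the packet in one call.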
