ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinha...@outlook.com> | Thu Jun 20 14:51:17 2024 +0200| [5826166836e3e94d2a5e249e5a82e06f3285aece] | committer: Andreas Rheinhardt
avcodec/h263dec: Clean intra tables in decoder, not ff_mpv_reconstruct_mb

This is a more appropriate place than a function designed to reconstruct a macroblock. It furthermore limits these checks to the codecs that actually need it (and removes it from e.g. RV10 and RV20 -- the latter actually uses these buffers, but only for intra-frames, so they don't need to be cleaned manually). This furthermore means that ff_mpv_reconstruct_mb() and therefore also the error-resilience code no longer needs block_index set. This fixes a crash caused by 65d5ccb808ec93de46a2458ea8cc082ce4460f34 when ff_mpv_reconstruct_mb() is called by VC-1 code without block_index being initialized properly (VC-1 uses and initializes block_index itself normally).

Fixes: 69814/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4868081575329792
Fixes: heap-buffer-overflow

Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5826166836e3e94d2a5e249e5a82e06f3285aece

--- libavcodec/h263dec.c | 9 +++++++++ libavcodec/mpv_reconstruct_mb_template.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 5eefdc4602..452641e408 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -271,6 +271,15 @@ static int decode_slice(MpegEncContext *s) ff_tlog(NULL, "Decoding MB at %dx%d\n", s->mb_x, s->mb_y); ret = s->decode_mb(s, s->block); + if (s->h263_pred || s->h263_aic) { + int mb_xy = s->mb_y * s->mb_stride + s->mb_x; + if (!s->mb_intra) { + if (s->mbintra_table[mb_xy]) + ff_clean_intra_table_entries(s); + } else + s->mbintra_table[mb_xy] = 1; + } + if (s->pict_type != AV_PICTURE_TYPE_B) ff_h263_update_motion_val(s); diff --git a/libavcodec/mpv_reconstruct_mb_template.c b/libavcodec/mpv_reconstruct_mb_template.c index f1cb0d7989..981c837642 100644 --- a/libavcodec/mpv_reconstruct_mb_template.c
+++ b/libavcodec/mpv_reconstruct_mb_template.c @@ -61,6 +61,7 @@ void mpv_reconstruct_mb_internal(MpegEncContext *s, int16_t block[12][64], s->cur_pic.qscale_table[mb_xy] = s->qscale; +#if IS_ENCODER /* update DC predictors for P macroblocks */ if (!s->mb_intra) { if (is_mpeg12 != DEFINITELY_MPEG12_H261 && (s->h263_pred || s->h263_aic)) { @@ -70,7 +71,6 @@ void mpv_reconstruct_mb_internal(MpegEncContext *s, int16_t block[12][64], } else if (is_mpeg12 != DEFINITELY_MPEG12_H261 && (s->h263_pred || s->h263_aic)) s->mbintra_table[mb_xy] = 1; -#if IS_ENCODER if ((s->avctx->flags & AV_CODEC_FLAG_PSNR) || s->frame_skip_threshold || s->frame_skip_factor || !((s->intra_only || s->pict_type == AV_PICTURE_TYPE_B) && s->avctx->mb_decision != FF_MB_DECISION_RD)) // FIXME precalc
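
Review bot: the new mbintra_table block in decode_slice() (libavcodec/h263dec.c, hunk at -271) runs without looking at `ret`, since it sits directly after `ret = s->decode_mb(s, s->block);`. On an error return it therefore still sets or cleans the entry at mb_xy from whatever value s->mb_intra holds at that point. Either move the block below the place where `ret` is evaluated, or add a comment stating why updating the table unconditionally is safe. The block also has no comment of its own, while the template code it replaces had `/* update DC predictors for P macroblocks */`; a one-line comment here would carry that explanation over.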
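
Review bot: the mbintra_table code in mpv_reconstruct_mb_internal() (libavcodec/mpv_reconstruct_mb_template.c, hunks at -61 and -70) needs a comment saying it is now compiled for the encoder only and that the decoder counterpart lives in decode_slice() in h263dec.c. With `#if IS_ENCODER` moved above `/* update DC predictors for P macroblocks */`, nothing at this site says so, and the two copies of the `s->h263_pred || s->h263_aic` logic can drift apart unnoticed. Since the commit message attributes the heap-buffer-overflow to block_index not being initialized on the VC-1 path, it would also help to state in that comment that the decoder path through this function must not depend on block_index.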