The patch fixes overreads (and crashes) introduced in 3ad04608.
--
Christophe
From adfac6472b015e162988e2e2208e95cc87248be2 Mon Sep 17 00:00:00 2001
From: Christophe Gisquet <christophe.gisq...@gmail.com>
Date: Sun, 10 Aug 2014 15:02:36 +0200
Subject: [PATCH] hevc_mvs: set candidate availabilities
They might be left uninitialized otherwise since 3ad04608.
Fixes ticket #3840.
Found-by: Carl Eugen Hoyos <c...@hoyos.ws>
Reported-by: Piotr Bandurski <ami_st...@o2.pl>
---
libavcodec/hevc_mvs.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/libavcodec/hevc_mvs.c b/libavcodec/hevc_mvs.c
index 4564d71..a144ded 100644
--- a/libavcodec/hevc_mvs.c
+++ b/libavcodec/hevc_mvs.c
@@ -677,6 +677,17 @@ b_candidates:
xB0 < s->sps->width &&
PRED_BLOCK_AVAILABLE(B0);
+ // above spatial merge candidate
+ xB1 = x0 + nPbW - 1;
+ yB1 = y0 - 1;
+ is_available_b1 = AVAILABLE(cand_up, B1);
+
+ // above left spatial merge candidate
+ xB2 = x0 - 1;
+ yB2 = y0 - 1;
+ is_available_b2 = AVAILABLE(cand_up_left, B2);
+
+ // above right spatial merge candidate
if (is_available_b0) {
if (MP_MX(B0, pred_flag_index_l0, mxB)) {
goto scalef;
@@ -687,11 +698,6 @@ b_candidates:
}
// above spatial merge candidate
- xB1 = x0 + nPbW - 1;
- yB1 = y0 - 1;
-
- is_available_b1 = AVAILABLE(cand_up, B1);
-
if (is_available_b1) {
if (MP_MX(B1, pred_flag_index_l0, mxB)) {
goto scalef;
@@ -702,10 +708,6 @@ b_candidates:
}
// above left spatial merge candidate
- xB2 = x0 - 1;
- yB2 = y0 - 1;
- is_available_b2 = AVAILABLE(cand_up_left, B2);
-
if (is_available_b2) {
if (MP_MX(B2, pred_flag_index_l0, mxB)) {
goto scalef;
--
1.9.2.msysgit.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
