On Wed, Feb 18, 2015 at 2:34 PM, Clément Bœsch <u...@pkh.me> wrote:
> On Wed, Feb 18, 2015 at 02:22:53PM -0800, Chris Kennedy wrote: > > This is a pretty obvious bug we caught in the thumbnail filter that is > very > > subtle and hardly ever shows issues except for certain videos. Yet it > can > > be seen how it is blatantly going out of bounds by basing the width > > increment off of i*3 that resulted in odd crashes in rare cases. > > > > > > Thanks, > > Chris > > -- > > --- > > Chris Kennedy > > Video Engineer > > CrunchyRoll - http://www.crunchyroll.com > > > diff --git a/libavfilter/vf_thumbnail.c b/libavfilter/vf_thumbnail.c > > index 1883154..a1272a0 100644 > > --- a/libavfilter/vf_thumbnail.c > > +++ b/libavfilter/vf_thumbnail.c > > @@ -142,7 +142,8 @@ static int filter_frame(AVFilterLink *inlink, > AVFrame *frame) > > > > // update current frame RGB histogram > > for (j = 0; j < inlink->h; j++) { > > - for (i = 0; i < inlink->w; i++) { > > + // last third of image, walk every 3 bytes/pixels reading RGB > > + for (i = 0; i < inlink->w/3; i++) { > > width is expressed in pixels, not bytes. > Right, this part seems tricky, yet it doesn't make sense to walk the entire width with var i and then walk it by 3's up to the very last increment. > > How to reproduce the issue or crash? > > > hist[0*256 + p[i*3 ]]++; > > hist[1*256 + p[i*3 + 1]]++; > > hist[2*256 + p[i*3 + 2]]++; > > > > The source is copyrighted, and it happens on certain types of encodings it seems, and only 1 out of every 250 or some really low number. I will work on getting a reproducible case. Thanks, Chris > -- > Clément B. > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
