ff_mpeg_update_thread_context() currently checks for whether the source (current|last|next)_picture_ptr points into the src context's picture array by performing a pointer comparison.
Yet pointer comparisons are only legal when the pointers point into the same array object (or one past the last element); otherwise they are undefined behaviour that happen to work (at least with a flat address space). In this case this code is moreover a remnant of the time when the H.264 decoder used H.264 (see the commit message of d9df93efbf59b1dc8b013d174ca4ad9c634c28f7); the current decoders never set these pointers to anything outside of the picture array (except NULL). So remove these checks. Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com> --- libavcodec/mpegvideo.h | 3 +++ libavcodec/mpegvideo_dec.c | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index a65c23f1d1..af1d9af2bd 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h @@ -142,6 +142,9 @@ typedef struct MPVContext { */ Picture current_picture; ///< buffer to store the decompressed current picture + /* The following three pointers must be either NULL or point + * to a picture in the main picture buffer (i.e. picture) + * for users of mpegvideodec. */ Picture *last_picture_ptr; ///< pointer to the previous picture. Picture *next_picture_ptr; ///< pointer to the next picture (for bidir pred) Picture *current_picture_ptr; ///< pointer to the current picture diff --git a/libavcodec/mpegvideo_dec.c b/libavcodec/mpegvideo_dec.c index 8927a0a21b..137b47efa7 100644 --- a/libavcodec/mpegvideo_dec.c +++ b/libavcodec/mpegvideo_dec.c @@ -74,6 +74,9 @@ int ff_mpeg_update_thread_context(AVCodecContext *dst, s->avctx = dst; s->parent_ctx = m; s->private_ctx = private_ctx; + s->current_picture_ptr = NULL; + s->next_picture_ptr = NULL; + s->last_picture_ptr = NULL; s->bitstream_buffer = NULL; s->bitstream_buffer_size = s->allocated_bitstream_buffer_size = 0; @@ -133,9 +136,7 @@ do {\ UPDATE_PICTURE(next_picture); #define REBASE_PICTURE(pic, new_ctx, old_ctx) \ - ((pic && pic >= old_ctx->picture && \ - pic < old_ctx->picture + MAX_PICTURE_COUNT) ? \ - &new_ctx->picture[pic - old_ctx->picture] : NULL) + ((pic) ? &(new_ctx)->picture[(pic) - (old_ctx)->picture] : NULL) s->last_picture_ptr = REBASE_PICTURE(s1->last_picture_ptr, s, s1); s->current_picture_ptr = REBASE_PICTURE(s1->current_picture_ptr, s, s1); -- 2.32.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".