On Sun, Jan 08, 2017 at 01:45:07PM +0100, Paul B Mahol wrote:
>> + memcpy(rbuf, buf, buf_size);
>> + memset(rbuf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
> Huh?!? Is this needed at all?
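Review bot: the memset at `rbuf + buf_size` is only in bounds if rbuf was allocated with at least `buf_size + AV_INPUT_BUFFER_PADDING_SIZE` bytes, and that allocation is not among the quoted lines; either show the allocation next to the copy or, if the AVPacket handed to the decoder already carries libavcodec's padding, drop the memcpy and the memset together rather than keeping the memset alone.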
After some discussion on IRC: It turns out that avcodec_decode_video2() requires the input AVPacket to already have AV_INPUT_BUFFER_PADDING_SIZE padding afterwards, and it essentially only sends this AVPacket down to the decode() function pointer. I'd love if this were documented directly on AVPacket and/or the decode function pointer, but it's a strong enough guarantee that this can go safely.

Sending v3 shortly, and I've also started some fuzzing. It's gone through ~50M execs with afl already, but obviously needs to restart now that there have been changes. (I made a tiny 16x32 frame as seed and adapted Kieran's fffuzz to accept raw video, so it chugs along at ~650 execs/thread on 40 hyperthreads.)

/* Steinar */
-- 
Homepage: https://www.sesse.net/

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
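The padding contract discussed above, as an added example that is not part of the patch or of FFmpeg's own code: it shows why a decoder fed through avcodec_decode_video2() can rely on AV_INPUT_BUFFER_PADDING_SIZE bytes past the payload, and what a caller that builds its own buffer (as the quoted memcpy/memset does) has to get right. The constant is copied locally with an assumed value of 32 so the file builds without libavcodec; use whatever your libavcodec/avcodec.h defines. read_le32_word stands in for the word-at-a-time bitstream readers that actually do the over-reading; the 5-byte payload is constructed test input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed copy of FFmpeg's constant so this example compiles stand-alone;
 * the authoritative value is in libavcodec/avcodec.h. */
#define AV_INPUT_BUFFER_PADDING_SIZE 32

/* Allocate a copy of buf with AV_INPUT_BUFFER_PADDING_SIZE zeroed bytes after
 * it. This is the shape of buffer libavcodec expects in AVPacket.data: the
 * payload, then padding that is allocated AND zeroed. Returns NULL on failure
 * (including size overflow), never a partially padded buffer. */
uint8_t *alloc_padded_copy(const uint8_t *buf, size_t buf_size)
{
    if (buf_size > SIZE_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
        return NULL;
    uint8_t *rbuf = malloc(buf_size + AV_INPUT_BUFFER_PADDING_SIZE);
    if (!rbuf)
        return NULL;
    memcpy(rbuf, buf, buf_size);
    memset(rbuf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
    return rbuf;
}

/* Check the padding region is all zero, the property a caller that does not
 * own the allocation cannot verify just by looking at buf_size. */
int padding_is_zero(const uint8_t *rbuf, size_t buf_size)
{
    for (size_t i = 0; i < AV_INPUT_BUFFER_PADDING_SIZE; i++)
        if (rbuf[buf_size + i] != 0)
            return 0;
    return 1;
}

/* A reader that loads word_bytes at a time touches this many bytes past the
 * end of a buf_size-byte payload on its last load. The padding only helps if
 * this never exceeds AV_INPUT_BUFFER_PADDING_SIZE. */
size_t overread_for_word_reader(size_t buf_size, size_t word_bytes)
{
    size_t rem = buf_size % word_bytes;
    return rem == 0 ? 0 : word_bytes - rem;
}

/* Stand-in for a word-at-a-time bitstream reader: load 4 little-endian bytes
 * at offset from a padded buffer. The bound uses payload + padding, which is
 * exactly what lets a decoder read the final partial word without an
 * out-of-bounds access. Returns 0 and sets *ok = 0 if even the padding is
 * not enough. */
uint32_t read_le32_word(const uint8_t *padded, size_t buf_size, size_t offset, int *ok)
{
    if (offset > buf_size + AV_INPUT_BUFFER_PADDING_SIZE - 4) {
        *ok = 0;
        return 0;
    }
    *ok = 1;
    uint32_t w;
    memcpy(&w, padded + offset, 4);          /* no strict-aliasing games */
    /* normalize to little-endian value regardless of host byte order */
    return (uint32_t)padded[offset] | ((uint32_t)padded[offset + 1] << 8) |
           ((uint32_t)padded[offset + 2] << 16) | ((uint32_t)padded[offset + 3] << 24);
}

/* Worked case: a 5-byte payload (constructed input). A 32-bit reader's second
 * load starts at offset 4 and covers bytes 4..7, three of which are padding.
 * Because the padding is zeroed, the load yields 0x00000005, not garbage. */
uint32_t demo_last_word(void)
{
    static const uint8_t payload[5] = { 1, 2, 3, 4, 5 };
    uint8_t *rbuf = alloc_padded_copy(payload, sizeof payload);
    if (!rbuf)
        return 0xFFFFFFFFu;
    int ok;
    uint32_t last = read_le32_word(rbuf, sizeof payload, 4, &ok);
    if (!ok || !padding_is_zero(rbuf, sizeof payload))
        last = 0xFFFFFFFFu;
    free(rbuf);
    return last;
}

int main(void)
{
    printf("5-byte payload, 4-byte reader over-reads %zu bytes (padding %d)\n",
           overread_for_word_reader(5, 4), AV_INPUT_BUFFER_PADDING_SIZE);
    printf("last word read through padding: 0x%08x\n", demo_last_word());
    return 0;
}
```

The two things a caller gets wrong in practice are both visible here: allocating `buf_size` instead of `buf_size + AV_INPUT_BUFFER_PADDING_SIZE` (the memset then writes past the allocation), and allocating the padding but not zeroing it (the reader's final load then depends on stale heap contents, which is exactly the kind of input-dependent behaviour fuzzers surface).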