From patchwork Thu Jul 19 17:00:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Bennett X-Patchwork-Id: 9764 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:104:0:0:0:0:0 with SMTP id c4-v6csp1927131jad; Thu, 19 Jul 2018 10:08:14 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdggsSPSGvRqhiAQrkRQftBqpnDkHNmVt14DMkKLPkJ2zBIF1YDhodSYO2EAsfZsGRae1Rc X-Received: by 2002:a1c:b788:: with SMTP id h130-v6mr5044488wmf.27.1532020094578; Thu, 19 Jul 2018 10:08:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532020094; cv=none; d=google.com; s=arc-20160816; b=BP2kYlOBTzMYqnkjsV51ttDrHzZ/L/A5AEcuO++2e+fUpQhQlbbHmorqBc2e3/GzGn WEUp2oKyKBXuaTorHL/7TctDyhuz8qAkduXmbf8gOTRrY4cpF5RWKdIhYUvCztDKKHxy sU1VKPekK4k7HfPjDWGgTJkwkt3TZfZd8zOutG0PLbYWhLj6zEdEI4jvSZXHwm4t8YfR nGB1B03FZDrTRhjz2cY8ZD6hISolws91xaKFzKRxDvraBgC4B9xFqpSL0gjfQsLFVKCD 9gWCvtATD2BcovZQqSJv+L9VZ15OkTMbWh8xKUO6fkUeUISKb7wq+swpTiF61Wg2Iocp pTpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to:arc-authentication-results; bh=h3dxgcG/mhw7QvnhM3SrLB0Cl9JEP7W2CO3cGWJzEZY=; b=vQXBsXW1ABMBDoQRoehg3Pad6tQfMGgKD05IG/U/tmxCOgB4hPrWidp2vvySo7n2yf kBSK8ooZTzzDvtzgNaKGl8gAYfBM0tXDfoS5MrC4iuo7B2MhE3ZoJ9pfDOaa5w7Yj1lq lDckTgnQ6YlHcvwFJhjwdwyIPyJlkWZqmumrf3OtpLjEoltg7zQvvWwfc9V7Rjt0ZQO4 H3u6SseL7mKx1Mr8tvocEuao5fhiWXvxP4NA+sSg7apnsUznjL5Y9fNjcpSRxYtWp606 xZZHXNJiZGeNJ1S4rTViAUB2JibMDrhBuvne5Plywt6SbQfWusLf0n0X3i9w/fB7jZ92 4nMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=u5kPOnKI; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id t72-v6si7747wmt.95.2018.07.19.10.08.13; Thu, 19 Jul 2018 10:08:14 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=u5kPOnKI; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CC72B689DFA; Thu, 19 Jul 2018 20:08:00 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-yw0-f195.google.com (mail-yw0-f195.google.com [209.85.161.195]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 196F7689B04 for ; Thu, 19 Jul 2018 20:07:54 +0300 (EEST) Received: by mail-yw0-f195.google.com with SMTP id r184-v6so3336992ywg.6 for ; Thu, 19 Jul 2018 10:08:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=LJXtoolb/QbAFdKwxqUzZkeVw8cW1J/jvSB6V0m4Py0=; b=u5kPOnKIly0TmcKD1qNaNRKmgucdp0dV7r/WzDp7+kDlWo2fv/W7DRn5VrF8CgJ9ts NIf8A4OiVY0UpMyDOZLpc4ZtCDSmHfA9PO+IFUgcfv7tWAi/Ey6t9KKZEk8cdgL2RLcf LUp9gzXDlDgFomy4MqhDImf7FAaQKbXLMvtYhMWdIBuCaubWYjG20Ixvx04n5Dm4vZ9z /LYe3qQ1Od6gpYI1VYyF2+dXgLUnl3Ne3E4bjJuvJQk+qtB3znU4h9lI/O0QocJNuX/J c7fx02/0UqyBOU+fx6JzqbfWuKwYheTSsBpgblemh3NWRxOfZy10vWCeKYy+mUn5M5VF tlEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=LJXtoolb/QbAFdKwxqUzZkeVw8cW1J/jvSB6V0m4Py0=; b=EfTaPRKjPa6lv7c6o2QVlp8icx4d6qXYIoXY5PD26BPoDZE6ucDDtlCd76KCRSQlcm FOONBGWEXAXc6Tcu63hyGW12I6ZwGc76hKlmb3WBE2bI6MHGJhFl0kcXw+7lT4gOGdn/ MKehjZXNZI1cykzB5QBLV5DVGCo17PmAMR+iFXsiU8VzHYxwEqKYer88rIxn2/4NMA1F NIW45uRZVcvymT2IsaCNqMDRCb0jOvl+FKVXrHF5lMrbOD60EmwGiBG4UlkaGv6w2hNX M07sXdupE+gJa3/IbHEjotr/N2ZC6Bxu4gDkzu/MFoFPWoXT6VwXINsgFFixQQZb9Hf5 xDXw== X-Gm-Message-State: AOUpUlH/WTVpcsJS1jFusGokU9pbkQBbuqjuXXDVVQpdrnbbnAxYDirg Jif2UJqwuWUc/ZndPu2KvazWbTmw X-Received: by 2002:a81:3846:: with SMTP id f67-v6mr1703848ywa.83.1532019624959; Thu, 19 Jul 2018 10:00:24 -0700 (PDT) Received: from localhost.localdomain ([2601:183:101:95d5:9c30:6cc8:a77:3893]) by smtp.gmail.com with ESMTPSA id e22-v6sm3266161ywe.37.2018.07.19.10.00.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Jul 2018 10:00:24 -0700 (PDT) From: Peter Bennett X-Google-Original-From: Peter Bennett To: ffmpeg-devel@ffmpeg.org Date: Thu, 19 Jul 2018 13:00:15 -0400 Message-Id: <20180719170015.23608-1-pbennett@mythtv.org> X-Mailer: git-send-email 2.17.1 Subject: [FFmpeg-devel] [PATCH] avcodec/mediacodec_sw_buffer: Fix segmentation fault with decoding on android oreo (corrected) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Peter Bennett MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" This is a correction of the earlier submission of this patch. avcodec_receive_frame consistently causes a seg fault when decoding 1080i mpeg2 on android version oreo. When copying the frame, the second plane in the buffer follows on immediately after 1080 lines of the first plane, but the code assumes it is after 1088 lines of the first plane, based on slice_height. It crashes on copying data for the second plane when it hits the actual end of the data and starts accessing addresses beyond that. Instead of using slice_height here, change to use use height. slice_height is used at other places in this module and I do not know if they also need to be changed. I have confirmed that with this change, decoding works correctly on android oreo as well as on the prior version, android nougat. --- libavcodec/mediacodec_sw_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mediacodec_sw_buffer.c b/libavcodec/mediacodec_sw_buffer.c index 92428e85f0..30a53f05b3 100644 --- a/libavcodec/mediacodec_sw_buffer.c +++ b/libavcodec/mediacodec_sw_buffer.c @@ -150,7 +150,7 @@ void ff_mediacodec_sw_buffer_copy_yuv420_semi_planar(AVCodecContext *avctx, } else if (i == 1) { height = avctx->height / 2; - src += s->slice_height * s->stride; + src += s->height * s->stride; src += s->crop_top * s->stride; src += s->crop_left; }