[FFmpeg-devel] [PR] avcodec/mpegvideo_enc: Restructure ff_h263_encode_gob_header() relation to update_mb_info() (PR #21537)

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed

From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Cc: michaelni <code@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avcodec/mpegvideo_enc: Restructure ff_h263_encode_gob_header() relation to update_mb_info() (PR #21537)
Date: Wed, 21 Jan 2026 01:51:48 -0000
Message-ID: <176896030877.25.15431400490459686392@4457048688e7> (raw)

PR #21537 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537.patch

Fixes: out of array access

Found-by: Zhenpeng (Leo) Lin from depthfirst
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>From 02b52593d6a6498cc967904c6faa6477c0682a16 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 21 Jan 2026 02:31:51 +0100
Subject: [PATCH] avcodec/mpegvideo_enc: Restructure
 ff_h263_encode_gob_header() relation to update_mb_info()

Fixes: out of array access

Found-by: Zhenpeng (Leo) Lin from depthfirst
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mpegvideo_enc.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
index a4f78c25db..1714d3b6db 100644
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -2925,7 +2925,7 @@ static void write_mb_info(MPVEncContext *const s)
     bytestream_put_byte(&ptr, 0); /* vmv2 */
 }
 
-static void update_mb_info(MPVEncContext *const s, int startcode)
+static void update_mb_info(MPVEncContext *const s)
 {
     if (!s->mb_info)
         return;
@@ -2933,14 +2933,6 @@ static void update_mb_info(MPVEncContext *const s, int startcode)
         s->mb_info_size += 12;
         s->prev_mb_info = s->last_mb_info;
     }
-    if (startcode) {
-        s->prev_mb_info = put_bytes_count(&s->pb, 0);
-        /* This might have incremented mb_info_size above, and we return without
-         * actually writing any info into that slot yet. But in that case,
-         * this will be called again at the start of the after writing the
-         * start code, actually writing the mb info. */
-        return;
-    }
 
     s->last_mb_info = put_bytes_count(&s->pb, 0);
     if (!s->mb_info_size)
@@ -3154,8 +3146,11 @@ static int encode_thread(AVCodecContext *c, void *arg){
 #endif
                     case AV_CODEC_ID_H263:
                         if (CONFIG_H263_ENCODER) {
-                            update_mb_info(s, 1);
+                            if (s->mb_info && put_bytes_count(&s->pb, 0) - s->prev_mb_info >= s->mb_info)
+                                s->mb_info_size += 12;
+
                             ff_h263_encode_gob_header(s, mb_y);
+                            s->prev_mb_info = put_bits_count(&s->pb)/8;
                         }
                     break;
                     }
@@ -3180,7 +3175,7 @@ static int encode_thread(AVCodecContext *c, void *arg){
             s->c.mb_skipped = 0;
             s->dquant=0; //only for QP_RD
 
-            update_mb_info(s, 0);
+            update_mb_info(s);
 
             if (mb_type & (mb_type-1) || (s->mpv_flags & FF_MPV_FLAG_QP_RD)) { // more than 1 MB type possible or FF_MPV_FLAG_QP_RD
                 int next_block=0;
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org

                 reply	other threads:[~2026-01-21  1:52 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=176896030877.25.15431400490459686392@4457048688e7 \
    --to=ffmpeg-devel@ffmpeg.org \
    --cc=code@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git