Commit 4b2ba852 authored by Loren Merritt's avatar Loren Merritt

Fix a buffer overrun with very long MVs.


git-svn-id: svn://svn.videolan.org/x264/trunk@147 df754926-b1dd-0310-bc7b-ec298dee348c
parent ccf61cef
......@@ -144,10 +144,11 @@ static void x264_mb_analyse_load_costs( x264_t *h, x264_mb_analysis_t *a )
if( !p_cost_mv[a->i_qp] )
{
/* could be faster, but isn't called many times */
/* factor of 4 from qpel, 2 from sign, and 2 because mv can be opposite from mvp */
int i;
p_cost_mv[a->i_qp] = x264_malloc( (2*4*h->param.analyse.i_mv_range + 1) * sizeof(int16_t) );
p_cost_mv[a->i_qp] += 4*h->param.analyse.i_mv_range;
for( i = 0; i <= 4*h->param.analyse.i_mv_range; i++ )
p_cost_mv[a->i_qp] = x264_malloc( (4*4*h->param.analyse.i_mv_range + 1) * sizeof(int16_t) );
p_cost_mv[a->i_qp] += 2*4*h->param.analyse.i_mv_range;
for( i = 0; i <= 2*4*h->param.analyse.i_mv_range; i++ )
{
p_cost_mv[a->i_qp][-i] =
p_cost_mv[a->i_qp][i] = a->i_lambda * bs_size_se( i );
......
......@@ -70,8 +70,6 @@ void x264_me_search_ref( x264_t *h, x264_me_t *m, int (*mvc)[2], int i_mvc, int
const int mv_x_max = h->mb.mv_max_fpel[0];
const int mv_y_max = h->mb.mv_max_fpel[1];
/* FIXME could theoretically run off the end of the prepared array of costs,
* if some mv predictors are very far from mvp */
const int16_t *p_cost_mvx = m->p_cost_mv - m->mvp[0];
const int16_t *p_cost_mvy = m->p_cost_mv - m->mvp[1];
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment