[Ffmpeg-devel] (Minor) Issues reported by Coverity for xine's libffmpeg copy
Diego 'Flameeyes' Pettenò
flameeyes
Tue Sep 26 05:48:15 CEST 2006
Most of these ar eminor issues that hits very strange corner cases, but I
might as well report them here so that they can find a solution, or that I
can simply report them as ignorable. I checked all of them against the
current SVN, I hope I didn't miss anything obvious.
CID 88: possible NULL dereference in libavcodec/mpegvideo.c:341
if(s->avctx->me_threshold){
[snip]
if(!src->mb_type)
av_log(s->avctx, AV_LOG_ERROR, "AVFrame.mb_type not set!\n");
[snip]
memcpy(dst->mb_type, src->mb_type, s->mb_stride * s->mb_height *
sizeof(dst->mb_type[0]));
CID 230: possible memory leak in libavcodec/imgresample.c about line 557
s = av_mallocz(sizeof(ImgReSampleContext));
if (!s)
return NULL;
if((unsigned)owidth >= UINT_MAX / (LINE_BUF_HEIGHT + NB_TAPS))
return NULL;
s->line_buf = av_mallocz(owidth * (LINE_BUF_HEIGHT + NB_TAPS));
if (!s->line_buf)
goto fail;
CID 110: access outside boundaries of CABACContext::lps_range in
libavcodec/cabac.c:120
for(j=0; j<4; j++){ //FIXME check if this is worth the 1 shift we save
c->lps_range[2*i+0][j+4]=
c->lps_range[2*i+1][j+4]= lps_range[i][j];
}
c->lps_range is defined as [2*65][4] in cabac.h
CID 305: possible memory leak in libavcodec/jpeg_ls.c
at line 412 the pointer state is assigned a newly-allocated memory area, that
is freed at the end of the function before returning, in line 465, but not
when returning with error in line 462.
--
Diego "Flameeyes" Petten? - http://farragut.flameeyes.is-a-geek.org/
Gentoo/Alt lead, Gentoo/FreeBSD, Video, AMD64, Sound, PAM, KDE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20060926/a417bc6b/attachment.pgp>
More information about the ffmpeg-devel
mailing list