[Ffmpeg-devel] [PATCH] ported SGI decoder to the new API

Michael Niedermayer michaelni
Mon Apr 2 13:31:48 CEST 2007


Hi

On Mon, Apr 02, 2007 at 03:51:59PM +0800, Xiaohui Sun wrote:
[...]
> > 
> > 
> >> [...]
> >>> [...]
> >>>  
> >>>> +            start_offset = bytestream_get_be32(&start_table);
> >>>> +            len = bytestream_get_be32(&length_table);
> >>>> +            if(in_buf + start_offset + len > end_buf) {
> >>>> +                return AVERROR_INVALIDDATA;
> >>>> +            }
> >>>>    
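Review bot: the test `in_buf + start_offset + len > end_buf` only bounds the sum, so it does not bound `start_offset` or `len` individually. Both come straight from the file via `bytestream_get_be32`; a large `start_offset` paired with a `len` that is negative or wraps the pointer arithmetic yields a sum that is not above `end_buf`, so the entry is accepted while `in_buf + start_offset` points outside the buffer. Compare each value against the space that remains, without adding them first: reject when `start_offset > end_buf - in_buf`, then reject when `len > (end_buf - in_buf) - start_offset`, with both treated as unsigned.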
> >>> this check still is not catching all cases, also it seems you misunderstood
> >>> me, i didn't mean that you check the values in an otherwise unused table but
> >>> rather that you properly check the values you do use for overflow
> >>>
> >>>
> >>>  
> >> you mean I should check if the start_offset overflows, and check 
> >> against INT32_MAX?
> > 
> > maybe though maybe i misunderstand you again but you definitely should
> > check the thing so that it won't segfault when dereferenced
> 
> Would you please point out more specifically what the problem is,
> since I did not meet problems when I tested it.

how did you test that this condition is sufficient?
it seems you didn't test it
just try a

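int len;
long start_offset;
uint8_t in_buf[1]={1};
uint8_t *end_buf= in_buf + 1;
unsigned int i, j= 0; /* j initialised so the sum starts from a defined value */
for(i=0; i<0xFFFFFFFF; i+= 100){
    start_offset= i;
    len= -1234567890;
    /* the check from the patch: passes whenever the sum stays below end_buf */
    if(in_buf + start_offset + len > end_buf)
        continue;
    j+= in_buf[start_offset]; /* read outside in_buf once start_offset > 0 */
}
printf("%u\n", j);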


> 
> > 
> > 
> >>>> +        for (x = s->width; x > 0; x--) {
> >>>> +            ptr = in_buf;
> >>>> +            offset = 0;
> >>>> +            for(z = 0; z < s->depth; z ++) {
> >>>> +                ptr += offset;
> >>>> +                bytestream_put_byte(&dest_row, *ptr);
> >>>> +            }
> >>>> +            in_buf ++;
> >>>> +        }
> >>>>    
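Review bot: in the inner loop `offset` is set to 0 just before `for(z = 0; z < s->depth; z ++)` and is never changed, so `ptr += offset` never moves `ptr` and all `s->depth` iterations write the same byte `*ptr` to `dest_row`. Set `offset` to the distance between channel planes before the loop (the value is not visible in this hunk), and check `ptr` against the end of the input before `*ptr` is read, since nothing in these lines bounds it.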
> >>> this is buggy
> >>>  
> >> yes, it seems quite ugly, since I want to do a discrete read and a 
> >> sequential write, so I move the pointer each time.
> > 
> > it is buggy (=not working)
> 
> it does work for me, could you send me the test file that fails, and thank
> you again for your advice :)

i can't send you a test file which fails, but i can assure you setting offset
to 0 and then adding it (=0) to ptr to advance ptr doesn't work

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship naturally arises out of democracy, and the most aggravated
form of tyranny and slavery out of the most extreme liberty. -- Plato
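
The bounds-check problem discussed in this mail, as an added example that is not part of the original message or of FFmpeg's code. It models the pointers as 64-bit integers so the demonstration itself stays defined, and the names `naive_check`, `checked_range` and `count_bad_accepts` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Model of the patch's test "in_buf + start_offset + len > end_buf".
 * Pointers are replaced by 64-bit integers so the model itself has no
 * undefined behaviour. Returns 1 when the check lets the entry through. */
static int naive_check(int64_t buf_size, int64_t start_offset, int32_t len)
{
    return !(start_offset + len > buf_size);
}

/* Stricter alternative (an assumption, not the decoder's code): treat both
 * fields as unsigned and compare each against the space that is left, so
 * no sum can wrap or be pulled back into range by a negative length. */
static int checked_range(size_t buf_size, uint32_t start_offset, uint32_t len)
{
    if (start_offset > buf_size)
        return 0;
    return len <= buf_size - start_offset;
}

/* Sweep the offsets from the mail's loop (step 100, len = -1234567890,
 * 1-byte buffer) and count entries that a check accepts although
 * in_buf[start_offset] would lie outside the buffer. */
static uint32_t count_bad_accepts(int use_checked)
{
    const size_t buf_size = 1;
    const int32_t len = -1234567890;
    uint32_t bad = 0;
    for (uint64_t i = 0; i < 0xFFFFFFFFu; i += 100) {
        int ok = use_checked
            ? checked_range(buf_size, (uint32_t)i, (uint32_t)len)
            : naive_check((int64_t)buf_size, (int64_t)i, len);
        if (ok && i >= buf_size)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("naive check:   %u bad offsets accepted\n", (unsigned)count_bad_accepts(0));
    printf("checked range: %u bad offsets accepted\n", (unsigned)count_bad_accepts(1));
    return 0;
}
```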