[Ffmpeg-devel] [PATCH] THP PCM decoder (GSoC Qualification)

Marco Gerards mgerards
Sat Apr 7 14:17:40 CEST 2007


Michael Niedermayer <michaelni at gmx.at> writes:

Hi,

[...]

>> +        /* Initialize the previous sample.  */
>> +        for (ch = 0; ch < 2; ch++) {
>> +            prev1[ch] = get_sbits(&gb, 16);
>> +            prev2[ch] = get_sbits(&gb, 16);
>> +        }
>> +
>> +        if (samples + samplecnt * (st + 1L) >= samples_end) {
>> +            av_log(avctx, AV_LOG_ERROR, "allocated output buffer is too small\n");
>> +            return -1;
>> +        }
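Review bot: the comparison in this hunk, samples + samplecnt * (st + 1L) >= samples_end, forms a pointer beyond the buffer before comparing it, so a large samplecnt taken from the input (0xFFFFFFFF with st = 0) can wrap the sum back inside the buffer and the check passes; compare the element count against the room that is left instead, samplecnt * (st + 1L) >= samples_end - samples, and bound samplecnt explicitly before the multiplication, because with a 32-bit long the product samplecnt * (st + 1L) can itself wrap for st = 1 and the difference-based check alone would still accept it.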
>
> this check is still insufficient
> samplecnt= 0xFFFFFFFF, st=0 will among many others still pass as long as
> pointers are 32bit (yeah 32bit systems are still the majority AFAIK)
> and on 64bit it's a gamble if random pointer + 0xFFFFFFFF will overflow
> probably it won't but that's just luck

How about:
        if (samplecnt * (st + 1L) >= samples_end - samples) {
            av_log(avctx, AV_LOG_ERROR, "allocated output buffer is too small\n");
            return -1;
        }

In that case I think no bad stuff will happen.

If you think this is ok, I will send in a new patch with this
correction.

--
Marco
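As an added illustration of the point argued in this thread (this is example code written for this page, not the THP decoder's or FFmpeg's own code), the following check works in element counts derived from the two buffer pointers rather than in pointer arithmetic, so a huge samplecnt cannot wrap a pointer, and it divides instead of multiplying so that samplecnt * (st + 1) cannot overflow on a platform where long is 32 bits either. The function name output_fits, the uint32_t type for samplecnt, and the 1024-element buffer are assumptions made for the example; the posted check rejects an exactly-full buffer (>=), whereas this one only rejects when more samples are needed than are available.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not the decoder's own code): decide whether
 * samplecnt samples per channel, for st + 1 channels, fit into the
 * output buffer [samples, samples_end).  Only the difference of the
 * two pointers is used, so an attacker-controlled samplecnt can never
 * produce a wrapped pointer the way samples + samplecnt * (st + 1L) can. */
static bool output_fits(const int16_t *samples, const int16_t *samples_end,
                        uint32_t samplecnt, unsigned st)
{
    /* Assumption: samples_end is the one-past-the-end pointer of the same
     * buffer, so the subtraction is well defined and non-negative. */
    if (samples_end < samples)
        return false;

    size_t avail    = (size_t)(samples_end - samples); /* int16_t slots left */
    size_t channels = (size_t)st + 1;

    /* Divide rather than multiply: samplecnt * channels could itself wrap
     * when samplecnt is near UINT32_MAX and size_t/long is 32 bits wide. */
    return samplecnt <= avail / channels;
}

/* Exercise the check with the inputs Michael described plus ordinary ones.
 * Returns the number of cases that did not behave as expected (0 = all good). */
static int demo(void)
{
    static int16_t buf[1024];          /* constructed 1024-sample output buffer */
    const int16_t *end = buf + 1024;
    int bad = 0;

    bad += output_fits(buf, end, 0xFFFFFFFFu, 0) != false; /* must reject  */
    bad += output_fits(buf, end, 0xFFFFFFFFu, 1) != false; /* must reject  */
    bad += output_fits(buf, end, 1024, 0)        != true;  /* fills mono   */
    bad += output_fits(buf, end, 512, 1)         != true;  /* fills stereo */
    bad += output_fits(buf, end, 513, 1)         != false; /* one frame over */
    return bad;
}

int main(void)
{
    int bad = demo();
    printf("%s\n", bad == 0 ? "all checks behaved as expected" : "mismatch");
    return bad != 0;
}
```

The decoder would call output_fits(samples, samples_end, samplecnt, st) right where the posted hunk does its comparison and return -1 with the same av_log message when it yields false; the comparison stays correct no matter how large the input-supplied samplecnt is.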
