[Ffmpeg-devel] [PATCH] THP PCM decoder (GSoC Qualification)

Michael Niedermayer michaelni
Sat Apr 7 16:44:03 CEST 2007


Hi

On Sat, Apr 07, 2007 at 03:35:29PM +0200, Marco Gerards wrote:
> Michael Niedermayer <michaelni at gmx.at> writes:
> 
> Hi,
> 
> > Hi
> >
> > On Sat, Apr 07, 2007 at 02:17:40PM +0200, Marco Gerards wrote:
> >> Michael Niedermayer <michaelni at gmx.at> writes:
> >> 
> >> Hi,
> >> 
> >> [...]
> >> 
> >> >> +        /* Initialize the previous sample.  */
> >> >> +        for (ch = 0; ch < 2; ch++) {
> >> >> +            prev1[ch] = get_sbits(&gb, 16);
> >> >> +            prev2[ch] = get_sbits(&gb, 16);
> >> >> +        }
> >> >> +
> >> >> +        if (samples + samplecnt * (st + 1L) >= samples_end) {
> >> >> +            av_log(avctx, AV_LOG_ERROR, "allocated output buffer is too small\n");
> >> >> +            return -1;
> >> >> +        }
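Review bot: the bounds check in this hunk, `if (samples + samplecnt * (st + 1L) >= samples_end)`, can be defeated by a large samplecnt: the product is evaluated in `long`, which is 32 bits on 32-bit platforms, so samplecnt = 0x80000000 with st = 1 wraps to 0 and the check passes, and even where the product does not wrap, adding it to `samples` forms a pointer far past the buffer end, which may itself wrap. Compare counts rather than pointers and keep the multiplication off the untrusted side, e.g. `if (samplecnt >= (samples_end - samples) / (st + 1))`, the division-on-the-other-side form the thread settles on.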
> >> >
> >> > this check is still insufficient
> >> > samplecnt= 0xFFFFFFFF, st=0 will among many others still pass as long as
> >> > pointers are 32bit (yeah 32bit systems are still the majority AFAIK)
> >> > and on 64bit it's a gamble if random pointer + 0xFFFFFFFF will overflow
> >> > probably it won't but that's just luck
> >> 
> >> How about:
> >>         if (samplecnt * (st + 1L) >= samples_end - samples) {
> >>             av_log(avctx, AV_LOG_ERROR, "allocated output buffer is too small\n");
> >>             return -1;
> >>         }
> >> 
> >> In that case I think no bad stuff will happen.
> >
> > on 32bit systems, long and int are 32bit
> >
> > 0x80000000 * (1 + 1L) >= samples_end - samples
> > 0x80000000 * 2L       >= samples_end - samples
> > 0                     >= samples_end - samples
> 
> Ah, I finally see why we are misunderstanding each other, or at least
> why I wasn't understanding you.  I was, for some reason, convinced
> long is 64 bits on all systems.  I have a 64-bit system here and I
> couldn't reproduce any problem.  Here is a new patch in which I move
> the division to the other side (like Rich said).

patch looks ok

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The misfortune of the wise is better than the prosperity of the fool.
-- Epicurus
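The overflow the thread is arguing about, reduced to a stand-alone C program. This is an added illustration, not code from the patch or from FFmpeg: `naive_check_accepts_32bit` models the multiply-then-compare form of the check with 32-bit arithmetic (what a 32-bit `long` gives you), and `safe_check_accepts` is the divide-on-the-known-good-side form the thread ends up with. The buffer, the sample counts and the assumption that `st` is a 0/1 stereo flag are all constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 1024-sample output buffer standing in for the decoder's
 * samples..samples_end range. */
static int16_t demo_buf[1024];

/* Multiply-then-compare, with the product forced into 32 bits to model a
 * 32-bit long. Returns 1 when the request is accepted. The product can
 * wrap, so an absurd samplecnt can come out "small" and be accepted. */
static int naive_check_accepts_32bit(uint32_t samplecnt, uint32_t st,
                                     uint32_t avail_samples)
{
    uint32_t needed = samplecnt * (st + 1u);   /* wraps silently */
    return needed < avail_samples;
}

/* Divide-on-the-other-side form: the only arithmetic on the untrusted
 * samplecnt is a comparison, and the division operates on the trusted
 * buffer size, so nothing can overflow and no out-of-range pointer is
 * ever formed. st is assumed to be a 0/1 stereo flag here. Returns 1
 * when the request fits. */
static int safe_check_accepts(size_t samplecnt, size_t st,
                              const int16_t *samples,
                              const int16_t *samples_end)
{
    if (samples_end < samples)
        return 0;                               /* malformed range */
    size_t avail = (size_t)(samples_end - samples);
    size_t per_frame = st + 1;
    if (per_frame == 0)
        return 0;                               /* guard against size_t wrap */
    return samplecnt < avail / per_frame;
}

/* The thread's counterexample: samplecnt = 0x80000000, st = 1.
 * 0x80000000 * 2 wraps to 0 in 32-bit arithmetic, so the naive check
 * accepts a request for two billion samples into a 1024-sample buffer. */
int demo_naive_accepts_overflowing_request(void)
{
    return naive_check_accepts_32bit(0x80000000u, 1, 1024);
}

/* Same request through the safe check: rejected. */
int demo_safe_accepts_overflowing_request(void)
{
    return safe_check_accepts((size_t)0x80000000u, 1,
                              demo_buf, demo_buf + 1024);
}

/* A legitimate request (100 stereo frames = 200 samples) still passes. */
int demo_safe_accepts_valid_request(void)
{
    return safe_check_accepts(100, 1, demo_buf, demo_buf + 1024);
}

int main(void)
{
    printf("naive check accepts 0x80000000 frames: %d\n",
           demo_naive_accepts_overflowing_request());
    printf("safe  check accepts 0x80000000 frames: %d\n",
           demo_safe_accepts_overflowing_request());
    printf("safe  check accepts 100 frames:        %d\n",
           demo_safe_accepts_valid_request());
    return 0;
}
```

The naive variant is compiled with explicit `uint32_t` so the wrap shows on any host, including 64-bit machines where Marco could not reproduce it; in the real decoder the same wrap happens wherever `long` is 32 bits, and the pointer form of the check additionally relies on pointer arithmetic past the buffer end not wrapping, which C does not guarantee.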