[Ffmpeg-devel] [PATCH/BUGREPORT] crash in vorbis decoder

Michael Niedermayer michaelni
Sun Feb 4 23:54:43 CET 2007


Hi

On Sun, Feb 04, 2007 at 11:35:20PM +0100, Reimar Döffinger wrote:
> Hello,
> On Sun, Feb 04, 2007 at 10:27:40PM +0000, Måns Rullgård wrote:
> > Michael Niedermayer <michaelni at gmx.at> writes:
> > > On Sun, Feb 04, 2007 at 11:08:16PM +0100, Reimar Döffinger wrote:
> > >> http://samples.mplayerhq.hu/A-codecs/vorbis/ffvorbis_crash.ogm
> > >> crashes a few seconds into the files.
> > >
> > > gdb/valgrind output?
> >
> [...]
> > #0  vorbis_residue_decode (vc=0xa2dee0, vr=0xac41b0, ch=2 '\002', 
> >     do_not_decode=0x7fff0f3f8d70 "", vec=0xab2000, vlen=1024)
> >     at /home/mru/src/ffmpeg/libavcodec/vorbis.c:1512
> > 1512                                            vec[voffs     ]+=codebook.codevectors[coffs+l  ];  // FPMATH
> [...]
> > r11            0xfffffffc       4294967292
> 
> This, btw. seems to be the value of the coffs variable. Made me first
> assume that it's some signedness problem (e.g. because get_vlc2 returns
> int and not unsigned), but it's just a baseless assumption *g*.

get_vlc*() returns -1 on error, maybe the code doesn't check this ...
btw anyone wants to volunteer to maintain vorbis.c ?

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I count him braver who overcomes his desires than him who conquers his
enemies for the hardest victory is over self. -- Aristotle
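
An added example, not part of the original mail and not FFmpeg's code: how a -1 error value from a VLC reader becomes an offset like the 0xfffffffc seen in r11 once it is scaled and used as an unsigned index, next to a bounds-checked version of the residue add. The codebook dimension of 4, the two-entry codebook, and the names `unchecked_coffs` and `residue_add_checked` are assumptions made for the illustration; the `decoded` array stands in for successive `get_vlc*()` results.

```c
#include <stddef.h>
#include <stdint.h>

#define DIM     4   /* assumed codebook dimension; the mail does not give it */
#define ENTRIES 2   /* entries in the constructed codebook */

/* Constructed codebook: ENTRIES vectors of DIM floats each. */
static const float codevectors[ENTRIES * DIM] = { 1, 1, 1, 1,  2, 2, 2, 2 };

/* Offset as unchecked code would form it: the -1 error value is scaled
 * and wraps when treated as an unsigned 32-bit index. */
uint32_t unchecked_coffs(int entry)
{
    return (uint32_t)entry * DIM;
}

/* Adds one codevector per decoded entry into vec. 'decoded' holds constructed
 * decoder results, where -1 marks a decode error.
 * Returns 0 on success, -1 on the first invalid entry or when vec is full. */
int residue_add_checked(float *vec, size_t vlen, const int *decoded, size_t n)
{
    size_t voffs = 0;
    for (size_t i = 0; i < n; i++) {
        int entry = decoded[i];
        if (entry < 0 || entry >= ENTRIES)   /* reject -1 and out-of-range */
            return -1;
        if (vlen - voffs < DIM)              /* destination bound */
            return -1;
        size_t coffs = (size_t)entry * DIM;
        for (size_t l = 0; l < DIM; l++)
            vec[voffs + l] += codevectors[coffs + l];
        voffs += DIM;
    }
    return 0;
}

int main(void)
{
    float vec[8] = { 0 };
    const int good[] = { 0, 1 };
    const int bad[]  = { 1, -1 };   /* second symbol failed to decode */
    int ok  = residue_add_checked(vec, 8, good, 2);
    int err = residue_add_checked(vec, 8, bad, 2);
    return !(ok == 0 && err == -1 && unchecked_coffs(-1) == 0xfffffffcu);
}
```
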