[FFmpeg-devel] [BUG][PATCH] qdm2 fixes
Michael Niedermayer
michaelni
Fri Jul 18 23:27:21 CEST 2008
On Fri, Jul 18, 2008 at 10:52:23PM +0200, Benjamin Larsson wrote:
> 1 static overrun and 1 null pointer dereference. They are small so I
> attached both. These will close Coverity bugs: 68 and 112. Regarding the
> overrun this will only make sure we don't over read. I don't know what
> the correct fix is. And this code is never run also.
>
> MvH
> Benjamin Larsson
> Index: libavcodec/qdm2.c
> ===================================================================
> --- libavcodec/qdm2.c (revision 14282)
> +++ libavcodec/qdm2.c (working copy)
> @@ -1452,6 +1452,9 @@
> max = min;
>
> /* check for errors (?) */
> + if (!packet)
> + return;
> +
> if (i == 0 && (packet->type < 16 || packet->type >= 48 || fft_subpackets[packet->type - 16]))
> return;
>
ok
> Index: libavcodec/qdm2.c
> ===================================================================
> --- libavcodec/qdm2.c (revision 14282)
> +++ libavcodec/qdm2.c (working copy)
> @@ -704,7 +704,7 @@
> if (add4 < 0)
> add4 = 0;
> }
> - tmp = tone_level_idx[ch][sb][j + 1] * 2 - add4 - add3 - add2 - add1;
> + tmp = tone_level_idx[ch][sb][FFMAX(j + 1,63)] * 2 - add4 - add3 - add2 - add1;
> if (tmp < 0)
> tmp = 0;
> tone_level_idx_temp[ch][sb][j + 1] = tmp & 0xff;
isnt the last line writing out of the array?
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080718/dae5f337/attachment.pgp>
More information about the ffmpeg-devel
mailing list