[FFmpeg-devel] [BUG][PATCH] qdm2 fixes
Benjamin Larsson
banan
Sat Jul 19 17:55:38 CEST 2008
Michael Niedermayer wrote:
> On Fri, Jul 18, 2008 at 10:52:23PM +0200, Benjamin Larsson wrote:
>> 1 static overrun and 1 null pointer dereference. They are small so I
>> attached both. These will close Coverity bugs: 68 and 112. Regarding the
>> overrun this will only make sure we don't over read. I don't know what
>> the correct fix is. And this code is never run also.
>>
>> MvH
>> Benjamin Larsson
>
>> Index: libavcodec/qdm2.c
>> ===================================================================
>> --- libavcodec/qdm2.c (revision 14282)
>> +++ libavcodec/qdm2.c (working copy)
>> @@ -1452,6 +1452,9 @@
>> max = min;
>>
>> /* check for errors (?) */
>> + if (!packet)
>> + return;
>> +
>> if (i == 0 && (packet->type < 16 || packet->type >= 48 || fft_subpackets[packet->type - 16]))
>> return;
>>
>
> ok
>
>
>> Index: libavcodec/qdm2.c
>> ===================================================================
>> --- libavcodec/qdm2.c (revision 14282)
>> +++ libavcodec/qdm2.c (working copy)
>> @@ -704,7 +704,7 @@
>> if (add4 < 0)
>> add4 = 0;
>> }
>> - tmp = tone_level_idx[ch][sb][j + 1] * 2 - add4 - add3 - add2 - add1;
>> + tmp = tone_level_idx[ch][sb][FFMAX(j + 1,63)] * 2 - add4 - add3 - add2 - add1;
>> if (tmp < 0)
>> tmp = 0;
>> tone_level_idx_temp[ch][sb][j + 1] = tmp & 0xff;
>
> isnt the last line writing out of the array?
>
> [...]
>
Obviously I missed it...
Is this patch ok ?
MvH
Benjamin Larsson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qdm2overrun.diff
Type: text/x-diff
Size: 816 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080719/6754d022/attachment.diff>
More information about the ffmpeg-devel
mailing list