[FFmpeg-devel] [BUG][PATCH] qdm2 fixes

Michael Niedermayer michaelni
Sat Jul 19 20:10:31 CEST 2008 

On Sat, Jul 19, 2008 at 05:55:38PM +0200, Benjamin Larsson wrote:
> Michael Niedermayer wrote:
> > On Fri, Jul 18, 2008 at 10:52:23PM +0200, Benjamin Larsson wrote:
> >> 1 static overrun and 1 null pointer dereference. They are small so I
> >> attached both. These will close Coverity bugs: 68 and 112. Regarding the
> >> overrun this will only make sure we don't over read. I don't know what
> >> the correct fix is. And this code is never run also.
> >>
> >> MvH
> >> Benjamin Larsson
> > 
> >> Index: libavcodec/qdm2.c
> >> ===================================================================
> >> --- libavcodec/qdm2.c	(revision 14282)
> >> +++ libavcodec/qdm2.c	(working copy)
> >> @@ -1452,6 +1452,9 @@
> >>          max = min;
> >>  
> >>          /* check for errors (?) */
> >> +        if (!packet)
> >> +            return;
> >> +
> >>          if (i == 0 && (packet->type < 16 || packet->type >= 48 || fft_subpackets[packet->type - 16]))
> >>              return;
> >>  
> > 
> > ok
> > 
> > 
> >> Index: libavcodec/qdm2.c
> >> ===================================================================
> >> --- libavcodec/qdm2.c	(revision 14282)
> >> +++ libavcodec/qdm2.c	(working copy)
> >> @@ -704,7 +704,7 @@
> >>                          if (add4 < 0)
> >>                              add4 = 0;
> >>                      }
> >> -                    tmp = tone_level_idx[ch][sb][j + 1] * 2 - add4 - add3 - add2 - add1;
> >> +                    tmp = tone_level_idx[ch][sb][FFMAX(j + 1,63)] * 2 - add4 - add3 - add2 - add1;
> >>                      if (tmp < 0)
> >>                          tmp = 0;
> >>                      tone_level_idx_temp[ch][sb][j + 1] = tmp & 0xff;
> > 
> > isnt the last line writing out of the array?
> > 
> > [...]
> > 
> 
> Obviously I missed it...
> 
> Is this patch ok ?

i really doubt the FFMIN is correct, what about just decreasing 64->63
in the loop? With a comment why it was changed?

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20080719/f3135ba4/attachment.pgp>

More information about the ffmpeg-devel mailing list