[FFmpeg-devel] ADPCM task (was Re: files in incoming)
Stefan Gehrer
stefan.gehrer
Fri Jan 30 08:06:04 CET 2009
Michael Niedermayer wrote:
> On Thu, Jan 29, 2009 at 10:03:29PM +0100, Reimar Döffinger wrote:
>> On Thu, Jan 29, 2009 at 08:40:53PM +0100, Stefan Gehrer wrote:
>>> Index: libavcodec/adpcm.c
>>> ===================================================================
>>> --- libavcodec/adpcm.c (revision 16828)
>>> +++ libavcodec/adpcm.c (working copy)
>>> @@ -1300,9 +1300,10 @@
>>> }
>>>
>>> for (channel=0; channel<avctx->channels; channel++) {
>>> - srcC = src + (big_endian ? bytestream_get_be32(&src)
>>> - : bytestream_get_le32(&src))
>>> - + (avctx->channels-channel-1) * 4;
>>> + uint32_t offset = (big_endian ? bytestream_get_be32(&src)
>>> + : bytestream_get_le32(&src));
>>> +
>>> + srcC = src + offset + (avctx->channels-channel-1) * 4;
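Review bot: `offset` comes straight from the stream and is added to `src` in `srcC = src + offset + (avctx->channels-channel-1) * 4;` with no check that the result stays inside the input buffer. Now that the read has its own `uint32_t`, this is the natural place to validate it: compare `offset` plus the channel term, as integers, against the bytes remaining in the input and return an error before `srcC` is formed.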
>> He, that is obviously true. The code does have another issue though,
>> it never checks for the end of src, so there may be overreads which show
>> up in valgrind.
>> I hacked together a patch for it but don't have the motivation to clean
>> it up...
> [...]
>> @@ -1303,6 +1304,7 @@
>> srcC = src + (big_endian ? bytestream_get_be32(&src)
>> : bytestream_get_le32(&src))
>> + (avctx->channels-channel-1) * 4;
>> + if (srcC > src_end - 4) break;
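Review bot: the `if (srcC > src_end - 4) break;` test runs after `srcC` has already been computed from the unchecked 32-bit value, so it only rejects pointers above the end; an offset large enough to wrap the pointer on a 32-bit build gives an `srcC` below `src` that passes the comparison. Check the offset against `src_end - src` as an integer before the addition, and consider returning an error instead of `break`, which leaves the remaining channels unprocessed without signalling a failure.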
>
> this is not enough
> the code above allows srcC to be set to any value on 32bit archs
How about this then ...
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: adpcmsrc.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090130/84c52586/attachment.txt>
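One way to do the check the replies above ask for, validating the offset as an integer before any pointer is formed. This is an added example, not code from this thread, from adpcmsrc.diff or from FFmpeg; `channel_index`, `rd32` and the two sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample inputs: a 32-bit offset field followed by payload bytes. */
const uint8_t sample_ok[12]  = { 0x00,0x00,0x00,0x04, 1,2,3,4, 5,6,7,8 };
const uint8_t sample_bad[12] = { 0xFF,0xFF,0xFF,0xF0, 1,2,3,4, 5,6,7,8 };

/* Hypothetical stand-in for bytestream_get_be32/le32 that does not advance p. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    const uint32_t a = p[0], b = p[1], c = p[2], d = p[3];
    return big_endian ? ((a << 24) | (b << 16) | (c << 8) | d)
                      : ((d << 24) | (c << 16) | (b << 8) | a);
}

/*
 * Resolve the per-channel data position the way the quoted loop does
 * (position after the offset field + offset + (channels-channel-1)*4),
 * but validate every term as an integer against the bytes remaining
 * before any pointer is formed. Returns the index into buf, or -1 if
 * fewer than `need` bytes would be readable there.
 */
ptrdiff_t channel_index(const uint8_t *buf, size_t len, int channels,
                        int channel, int big_endian, size_t need)
{
    size_t pos = 4, avail, skip;
    uint32_t offset;

    if (channels <= 0 || channel < 0 || channel >= channels || len < pos)
        return -1;                       /* bad channel or truncated field */
    offset = rd32(buf, big_endian);
    avail  = len - pos;
    skip   = (size_t)(channels - channel - 1);
    if (skip > avail / 4)                /* avoids overflow of skip * 4 */
        return -1;
    skip  *= 4;
    avail -= skip;
    if (offset > avail)                  /* integer compare, nothing can wrap */
        return -1;
    avail -= offset;
    if (need > avail)
        return -1;
    return (ptrdiff_t)(pos + skip + offset);
}

int main(void)
{
    return channel_index(sample_ok, sizeof sample_ok, 1, 0, 1, 4) == 8 ? 0 : 1;
}
```

With `sample_bad`, `src + offset` on a 32-bit build would wrap to a pointer below the buffer and pass a `srcC > src_end - 4` test; the integer comparison rejects it regardless of pointer width.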