[FFmpeg-devel] [PATCH] vorbisdec: Simplify, do not calculate same value twice.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Thu Apr 12 21:03:11 CEST 2012


On Wed, Apr 11, 2012 at 09:45:32PM +0200, Reimar Döffinger wrote:
> The 0 assignment is just for paranoia reasons, the function
> is only called from init and we should bail out directly
> on failure.
> 
> Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> ---
>  libavcodec/vorbisdec.c |    7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
> index ddc79fc..2268a45 100644
> --- a/libavcodec/vorbisdec.c
> +++ b/libavcodec/vorbisdec.c
> @@ -685,10 +685,13 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc)
>          res_setup->begin          = get_bits(gb, 24);
>          res_setup->end            = get_bits(gb, 24);
>          res_setup->partition_size = get_bits(gb, 24) + 1;
> +        res_setup->ptns_to_read =
> +            (res_setup->end - res_setup->begin) / res_setup->partition_size;
>          /* Validations to prevent a buffer overflow later. */
>          if (res_setup->begin>res_setup->end ||
>              res_setup->end > (res_setup->type == 2 ? vc->audio_channels : 1) * vc->blocksize[1] / 2 ||
> -            (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) {
> +            res_setup->ptns_to_read > V_MAX_PARTITIONS) {
> +            res_setup->ptns_to_read = 0;
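
Review bot: the rewritten bound check `res_setup->ptns_to_read > V_MAX_PARTITIONS` compares the value after it has been stored in the field, so it tests only what the field can hold and not the full result of `(res_setup->end - res_setup->begin) / res_setup->partition_size`; if the field is narrower than that expression, the check loses its meaning. The assignment also runs before the `res_setup->begin>res_setup->end` test, so the quotient is computed from a range that has not been validated yet. Suggest computing the quotient into a local of the expression's width, running the validations on that local, and assigning `ptns_to_read` only after they pass.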

Ouch, something is broken here.
ptns_to_read is only uint16_t, but V_MAX_PARTITIONS is (1<<20).
It seems likely to me that ptns_to_read should be unsigned instead, but
maybe someone else could look into that?
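
The truncation this reply points out, as an added C example that is not part of the original message or of FFmpeg's code. `struct residue_demo`, both function names and the sample values are constructed for illustration, and the hunk's bound on `end` against the block size is left out so that only the field-width effect is shown.

```c
#include <stdint.h>
#include <stdio.h>

#define V_MAX_PARTITIONS (1 << 20)  /* bound quoted in the reply */

/* Hypothetical stand-in for the residue fields touched by the hunk. */
struct residue_demo {
    uint32_t begin, end, partition_size;
    uint16_t ptns_to_read;          /* 16-bit, as the reply reports */
};

/* Shape of the patched check: store into the narrow field, then compare it.
 * A uint16_t never exceeds 65535, so the comparison with 1<<20 cannot fire. */
static int check_after_store(struct residue_demo *r)
{
    r->ptns_to_read = (r->end - r->begin) / r->partition_size;
    if (r->begin > r->end || r->ptns_to_read > V_MAX_PARTITIONS) {
        r->ptns_to_read = 0;
        return -1;
    }
    return 0;
}

/* One alternative (an assumption, not the project's fix): validate the
 * full-width quotient and store it only if it also fits the field.
 * Widening the field, as the reply suggests, is the other option. */
static int check_before_store(struct residue_demo *r)
{
    uint32_t n;
    if (r->begin > r->end)
        return -1;
    n = (r->end - r->begin) / r->partition_size;
    if (n > V_MAX_PARTITIONS || n > UINT16_MAX)
        return -1;
    r->ptns_to_read = (uint16_t)n;
    return 0;
}

int main(void)
{
    /* Constructed input: largest 24-bit end, partition_size 1. */
    struct residue_demo a = { 0, 0x00FFFFFF, 1, 0 };
    struct residue_demo b = a;
    printf("after-store:  ret=%d ptns=%u\n", check_after_store(&a), (unsigned)a.ptns_to_read);
    printf("before-store: ret=%d\n", check_before_store(&b));
    return 0;
}
```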

