[FFmpeg-devel] [PATCH] Change type to 16 bit.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Sat Apr 26 12:46:52 CEST 2014

On Tue, Apr 22, 2014 at 11:46:56PM +0200, Nicolas George wrote:
> Le tridi 3 floréal, an CCXXII, Reimar Döffinger a écrit :
> > The compiler complains because the condition can
> > never be true.
> This part I do not understand: if I read the code correctly, the check
> against V_MAX_PARTITIONS (= 1 << 20) happens before ptns_to_read is defined,
> and the begin and end fields are wide enough.

        res_setup->ptns_to_read =
            (res_setup->end - res_setup->begin) / res_setup->partition_size;
        /* Validations to prevent a buffer overflow later. */
        if (res_setup->begin>res_setup->end ||
            res_setup->end > (res_setup->type == 2 ? vc->audio_channels : 1) * vc->blocksize[1] / 2 ||
            res_setup->ptns_to_read > V_MAX_PARTITIONS) {

ptns_to_read is assigned and then checked against the limit.
It also means that ptns_to_read can be truncated, and there is
no check against that.
This seems risky to me, too, regardless of whether it works fine
currently (it should, since end is only ever used for a sanity
check in vorbis_residue_decode_internal, so inconsistencies between
ptns_to_read and the begin/end difference hopefully do not matter).
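
The truncation point raised above, as an added illustration that is not code from FFmpeg or from anyone in this thread: a small stand-in struct (hypothetical names, only the fields needed here) with a 16-bit ptns_to_read, the quoted assign-then-check order beside a check-then-assign variant. With a 16-bit field the comparison against V_MAX_PARTITIONS (1 << 20) can never be true, which is what the compiler warns about, and a quotient such as 70000 silently wraps to 4464 and passes validation; computing into a wide local and checking it before the narrowing store rejects the same input. The channel/blocksize condition from the real check is left out because it needs the decoder context.

```c
#include <stdint.h>
#include <stdio.h>

#define V_MAX_PARTITIONS (1 << 20)

/* Hypothetical stand-in for the residue setup struct (the real FFmpeg
 * structure has more fields). ptns_to_read is 16 bits, as the patch proposes. */
typedef struct {
    uint32_t begin;
    uint32_t end;
    uint32_t partition_size;
    uint16_t ptns_to_read;
} residue_setup;

/* Mirrors the quoted order: assign first, validate afterwards.
 * The narrowing store happens before the comparison, so the quotient
 * wraps modulo 65536 and the V_MAX_PARTITIONS test is dead code.
 * Returns 1 when the setup is rejected, 0 when accepted. */
int validate_assign_then_check(residue_setup *rs)
{
    rs->ptns_to_read = (rs->end - rs->begin) / rs->partition_size;
    if (rs->begin > rs->end ||
        rs->ptns_to_read > V_MAX_PARTITIONS)
        return 1;
    return 0;
}

/* Compute the quotient in a wide local, validate it, and only then store it
 * into the 16-bit field, so anything that would be truncated is rejected.
 * Returns 1 when the setup is rejected, 0 when accepted. */
int validate_check_then_assign(residue_setup *rs)
{
    uint64_t ptns;
    if (rs->begin > rs->end || rs->partition_size == 0)
        return 1;
    ptns = (uint64_t)(rs->end - rs->begin) / rs->partition_size;
    if (ptns > V_MAX_PARTITIONS || ptns > UINT16_MAX)
        return 1;
    rs->ptns_to_read = (uint16_t)ptns;
    return 0;
}

/* Value-taking wrappers so both policies can be compared on the same input. */
int assign_then_check_rejects(uint32_t begin, uint32_t end, uint32_t psize)
{
    residue_setup rs = { begin, end, psize, 0 };
    return validate_assign_then_check(&rs);
}

uint16_t assign_then_check_stored(uint32_t begin, uint32_t end, uint32_t psize)
{
    residue_setup rs = { begin, end, psize, 0 };
    validate_assign_then_check(&rs);
    return rs.ptns_to_read;   /* whatever survived the narrowing store */
}

int check_then_assign_rejects(uint32_t begin, uint32_t end, uint32_t psize)
{
    residue_setup rs = { begin, end, psize, 0 };
    return validate_check_then_assign(&rs);
}

uint16_t check_then_assign_stored(uint32_t begin, uint32_t end, uint32_t psize)
{
    residue_setup rs = { begin, end, psize, 0 };
    validate_check_then_assign(&rs);
    return rs.ptns_to_read;
}

int main(void)
{
    /* Constructed input: 70000 partitions, which does not fit in 16 bits. */
    printf("assign-then-check: rejected=%d stored=%u\n",
           assign_then_check_rejects(0, 70000, 1),
           assign_then_check_stored(0, 70000, 1));
    printf("check-then-assign: rejected=%d\n",
           check_then_assign_rejects(0, 70000, 1));
    return 0;
}
```

Run stand-alone, the first line reports the 70000-partition setup as accepted with 4464 stored, the second reports it rejected.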
