[FFmpeg-soc] BFI Decoder
Michael Niedermayer
michaelni at gmx.at
Wed Apr 16 23:01:37 CEST 2008
On Thu, Apr 17, 2008 at 01:59:08AM +0530, Sisir Koppaka wrote:
> Hi,
> The decoder is compiling without errors, but when playing, some sound comes
> out, some part is decoded and then it crashes with this message:
> *** glibc detected *** ./ffplay: corrupted double-linked list: 0x085ede28
> ***
> Any help would be appreciated.
try valgrind
[...]
> static int bfi_decode_init(AVCodecContext * avctx)
> {
> BFIContext *bfi = avctx->priv_data;
> bfi->frame.reference = 1;
> bfi->frame.buffer_hints =
> FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_READABLE |
> FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
> avctx->pix_fmt = PIX_FMT_PAL8;
> bfi->frame.data[0] = NULL;
things are 0 by default
[...]
> while (dst != frame_end) {
> byte = *buf++;
> code = byte >> 6;
> length = byte & ~0xC0;
> switch (code) {
> case 0: //Normal Chain
> if (length == 0) {
> length = bytestream_get_le16(&buf);
> }
> bytestream_get_buffer(&buf, dst, length);
exploitable
[...]
> case 2: //Skip Chain
> if (length == 0) {
> length = bytestream_get_le16(&buf);
> }
> if (length == 0)
> goto finish;
> dst += length;
> av_log(NULL,AV_LOG_INFO, "\n[DECODER] Skip Chain.");
> break;
> case 3: //Fill Chain
> if (length == 0) {
> length = bytestream_get_le16(&buf);
> }
duplicate code
[...]
> while(height--)
> {
> memcpy(dst, src, avctx->width);
> src += avctx->width;
> dst += wrap_to_next_line + avctx->width;
> }
this can be simplified
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The misfortune of the wise is better than the prosperity of the fool.
-- Epicurus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-soc/attachments/20080416/5176f960/attachment.pgp>
More information about the FFmpeg-soc
mailing list