[MPlayer-dev-eng] Re: [MPlayer-users] patch to fix bad code (UMR) in mp3lib/layer2.c causing signal 11 in mplayer

D Richard Felker III dalias at aerifal.cx
Mon Jan 27 06:44:33 CET 2003


Would someone please check that this works ok and then commit it? I
forgot about it until the patch author emailed to remind me. I would
commit it myself, but my machine is out of commission right now so I
can't test mplayer, and I don't want to screw something up!

Rich



On Thu, Jan 23, 2003 at 02:38:31AM -0500, D Richard Felker III wrote:
> This patch was sent to -users and looks good to me. Unless anyone
> objects or commits it first I'll commit it.
> 
> Rich
> 
> 
> On Thu, Jan 23, 2003 at 02:00:02AM -0500, Nilmoni Deb wrote:
> > 
> > This is in reference to the bug reported in
> > http://mplayerhq.hu/pipermail/mplayer-users/2003-January/027281.html .
> > The bug appeared for a movie whose audio is mp2 (so that's all that is needed
> > to reproduce the problem since the bug is in mp3lib/layer2.c).
> > 
> > The problem is very easy to see as follows:
> > 
> > In mp3lib/sr1.c, look at the line 226:
> > 
> >   if(fr->sampling_frequency>8) return FALSE;  // valid: 0..8
> > 
> > which allows fr->sampling_frequency to go up to 8.
> > 
> > Now, in mp3lib/layer2.c, in the function definition of II_select_table,
> > this code exists:
> > 
> >   if(fr->lsf)
> >     table = 4;
> >   else
> >     table = translate[fr->sampling_frequency][2-fr->stereo][fr->bitrate_index];
> > 
> > The problem is that in II_select_table function definition, translate is
> > declared as:
> > 
> >   static int translate[3][2][16] = .....
> > 
> > which means fr->sampling_frequency must be < 3 to prevent illegal memory
> > reads.
> > 
> > Obviously, the code does not bother about what would happen if
> > fr->sampling_frequency lies in the range [3,8]. In my test case,
> > fr->sampling_frequency = 3 and naturally there is a problem.
> > 
> > Here is a patch to fix this:
> > 
> > ----- PATCH STARTS NEXT LINE ---------------
> > --- layer2.c    2003-01-08 02:20:23.000000000 +0000
> > +++ layer2.c.new        2003-01-23 01:49:55.000000000 +0000
> > @@ -241,13 +241,28 @@
> > 
> >  static void II_select_table(struct frame *fr)
> >  {
> > -  static int translate[3][2][16] =
> > -   { { { 0,2,2,2,2,2,2,0,0,0,1,1,1,1,1,0 } ,
> > -       { 0,2,2,0,0,0,1,1,1,1,1,1,1,1,1,0 } } ,
> > -     { { 0,2,2,2,2,2,2,0,0,0,0,0,0,0,0,0 } ,
> > -       { 0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0 } } ,
> > -     { { 0,3,3,3,3,3,3,0,0,0,1,1,1,1,1,0 } ,
> > -       { 0,3,3,0,0,0,1,1,1,1,1,1,1,1,1,0 } } };
> > +  static int translate[8][2][16] =
> > +   { { { 0,2,2,2,2,2,2,0,0,0,1,1,1,1,1,0 } ,   /*44.1 stereo*/
> > +       { 0,2,2,0,0,0,1,1,1,1,1,1,1,1,1,0 } } , /*44.1 mono*/
> > +     { { 0,2,2,2,2,2,2,0,0,0,0,0,0,0,0,0 } ,   /*48 stereo*/
> > +       { 0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0 } } , /*48 mono*/
> > +     { { 0,3,3,3,3,3,3,0,0,0,1,1,1,1,1,0 } ,   /*32 stereo*/
> > +       { 0,3,3,0,0,0,1,1,1,1,1,1,1,1,1,0 } } , /*32 mono*/
> > +     { { 2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,0 } ,   /*22.05 stereo*/
> > +       { 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,0 } } , /*22.05 mono*/
> > +     { { 2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,0 } ,   /*24 stereo*/
> > +       { 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,0 } } , /*24 mono*/
> > +     { { 2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,0 } ,   /*16 stereo*/
> > +       { 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,0 } } , /*16 mono*/
> > +     { { 2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,0 } ,   /*11.025 stereo*/
> > +       { 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,0 } } , /*11.025 mono*/
> > +     { { 2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,0 } ,   /*12 stereo*/
> > +       { 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,0 } } , /*12 mono*/
> > +     { { 2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,0 } ,   /*8 stereo*/
> > +       { 2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,0 } }   /*8 mono*/
> > +/*       0  48  64  96 128 192 256 384 */
> > +/*        32  56  80 112 160 224 320  XX*/
> > +       };
> > 
> >    int table,sblim;
> >    static struct al_table *tables[5] =
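Review bot: The new declaration `static int translate[8][2][16]` is followed by nine rows of initializers (44.1, 48, 32, 22.05, 24, 16, 11.025, 12 and 8), one more than the first dimension holds, and the check quoted from sr1.c accepts `fr->sampling_frequency` values 0..8, which is nine indices. As written the compiler will diagnose the excess initializer and index 8 is still outside the array, so the first dimension should be 9, or left empty so that the initializer sizes it. Since the table size and the header check live in different files, a bounds check next to the `translate[fr->sampling_frequency]...` lookup, or a shared constant used by both, would keep the two from drifting apart again.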
> > ----- PATCH ENDED PREVIOUS LINE ---------------
> > 
> > This is from Nick.
> > 
> > thanks
> > - Nil
> > 
> _______________________________________________
> MPlayer-dev-eng mailing list
> MPlayer-dev-eng at mplayerhq.hu
> http://mplayerhq.hu/mailman/listinfo/mplayer-dev-eng
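Added example (not from the thread or from MPlayer's source): the mismatch described in the quoted report, where the header check admits indices 0..8 while the table has three rows, handled by a lookup that takes its bounds from the table declaration. The names `struct hdr`, `in_range`, `COUNT` and `select_table_checked` are hypothetical; the table rows are the three pre-patch rows shown in the diff.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, cut-down stand-in for the decoder's frame header fields. */
struct hdr {
    int lsf;
    int stereo;             /* 1 = mono, 2 = stereo; lookup uses 2 - stereo */
    int sampling_frequency; /* the quoted header check admits 0..8 */
    int bitrate_index;      /* 0..15 */
};

/* The three rows of the pre-patch table, as shown in the quoted diff. */
static const int translate[3][2][16] = {
    { { 0,2,2,2,2,2,2,0,0,0,1,1,1,1,1,0 },
      { 0,2,2,0,0,0,1,1,1,1,1,1,1,1,1,0 } },
    { { 0,2,2,2,2,2,2,0,0,0,0,0,0,0,0,0 },
      { 0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0 } },
    { { 0,3,3,3,3,3,3,0,0,0,1,1,1,1,1,0 },
      { 0,3,3,0,0,0,1,1,1,1,1,1,1,1,1,0 } }
};

/* Element count of an array dimension, taken from the declaration itself. */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static int in_range(int i, size_t n) { return i >= 0 && (size_t)i < n; }

/* Returns the table number, or -1 if an index would fall outside translate. */
int select_table_checked(const struct hdr *h)
{
    int chan = 2 - h->stereo;

    if (h->lsf)
        return 4;
    if (!in_range(h->sampling_frequency, COUNT(translate)) ||
        !in_range(chan, COUNT(translate[0])) ||
        !in_range(h->bitrate_index, COUNT(translate[0][0])))
        return -1;
    return translate[h->sampling_frequency][chan][h->bitrate_index];
}

int main(void)
{
    struct hdr ok  = { 0, 2, 0, 1 };  /* constructed: index 0, stereo */
    struct hdr bad = { 0, 2, 3, 1 };  /* constructed: index 3, as in the report */

    printf("ok=%d bad=%d\n", select_table_checked(&ok), select_table_checked(&bad));
    return 0;
}
```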

