[FFmpeg-devel] [BUG] qdm2.c over read in array
Thu Jan 10 00:20:41 CET 2008
On Tue, 08 Jan 2008 08:10:30 +0100
Benjamin Larsson <banan at ludd.ltu.se> wrote:
> Roberto Togni wrote:
> > On Mon, 07 Jan 2008 18:18:45 +0100
> > Benjamin Larsson <banan at ludd.ltu.se> wrote:
> >> fill_coding_method_array line:
> >> tmp = tone_level_idx[ch][sb][j + 1] * 2 - add4 - add3 - add2 - add1;
> >> over-reads the array. for(j=0 ; j<64 ; j++)
> > Do you have a sample that triggers it? Most of that function
> > (including this line) is untested because no known sample uses that
> > code; probably some error slipped in during the rewriting.
> > Ciao,
> > Roberto
> No, but we should fix it anyway.
Agree, I just hoped that you had a sample to test this unknown case.
Btw, the same problem also happens a few lines later:
tone_level_idx_temp[ch][sb][j+1] = tmp & 0xff;
The 64 in the for is ok, it comes from a 128 divided by a parameter that
is always 2; moreover j<63 makes no sense since the next cycle reads
the whole array.
The j+1 looks ok according to the code I was able to inspect; to go
deeper I need to go back to the asm level.
I'll have a better look, but if I don't find a solution I'm for
disabling this case since it's unused by any sample.
Better is the enemy of good enough.
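The off-by-one pattern the thread is about, as an added illustration that is not FFmpeg code and not from any of the posters: a loop that runs j from 0 to 63 over a 64-entry array while reading element j + 1 touches index 64, one past the end. The helper below computes the highest index such a loop touches and flags it when it falls outside the array, and a second function runs the same expression shape as the quoted line with every read bounds-checked, so the stray access is counted instead of reading adjacent memory. SB_LEN, the array name, the add1..add4 values and the sample data are all assumptions chosen to mirror the discussion, not values taken from qdm2.c.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not FFmpeg code. SB_LEN mirrors the 64-entry inner
 * dimension described in the thread (128 divided by a parameter that is
 * always 2); the array name and the add1..add4 values are placeholders. */
#define SB_LEN 64

/* For a loop `for (j = 0; j < count; j++)` that reads element j + offset,
 * compute the highest index touched. Returns true when that index falls
 * outside an array of `len` elements, i.e. the loop over-reads. */
bool loop_over_reads(size_t count, size_t offset, size_t len, size_t *max_index)
{
    if (count == 0) {
        if (max_index)
            *max_index = 0;
        return false;
    }
    size_t top = (count - 1) + offset;
    if (max_index)
        *max_index = top;
    return top >= len;
}

/* Bounds-checked read: returns arr[idx] when idx < len, otherwise returns
 * `fallback` and counts the miss in *misses (each miss is a read that the
 * unchecked version would have made past the end of the array). */
static int checked_read(const int *arr, size_t len, size_t idx, int fallback, size_t *misses)
{
    if (idx < len)
        return arr[idx];
    (*misses)++;
    return fallback;
}

/* Same shape as the expression quoted in the thread, run for j in
 * [0, count) with every read bounds-checked. Writes count results to out
 * and returns how many reads would have gone past the array. */
size_t fill_row(const int *tone_level_idx, size_t len, size_t count,
                int add1, int add2, int add3, int add4, int *out)
{
    size_t misses = 0;
    for (size_t j = 0; j < count; j++) {
        int next = checked_read(tone_level_idx, len, j + 1, 0, &misses);
        int tmp = next * 2 - add4 - add3 - add2 - add1;
        out[j] = tmp & 0xff;
    }
    return misses;
}

int main(void)
{
    int tone_level_idx[SB_LEN];
    int out[SB_LEN];
    for (size_t i = 0; i < SB_LEN; i++)
        tone_level_idx[i] = (int)i;   /* constructed sample data */

    size_t top;
    bool bad = loop_over_reads(SB_LEN, 1, SB_LEN, &top);
    printf("j<64 reading [j+1]: max index %zu, over-read: %s\n", top, bad ? "yes" : "no");

    bad = loop_over_reads(SB_LEN - 1, 1, SB_LEN, &top);
    printf("j<63 reading [j+1]: max index %zu, over-read: %s\n", top, bad ? "yes" : "no");

    size_t misses = fill_row(tone_level_idx, SB_LEN, SB_LEN, 1, 2, 3, 4, out);
    printf("checked pass over 64 iterations: %zu read(s) past the array\n", misses);
    return 0;
}
```

With the 64-iteration loop the checked pass reports exactly one read past the array, at j = 63; with the bound lowered to 63 the highest index touched is 63 and nothing is out of range. Whether the right fix is to shorten the loop, to drop the +1, or to disable the unused path is the question the thread leaves open; the helper only makes the over-read visible without a crashing sample.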