[FFmpeg-devel] [BUG][PATCH] qdm2 fixes

Benjamin Larsson banan
Sat Jul 19 20:53:36 CEST 2008


Michael Niedermayer wrote:
> On Sat, Jul 19, 2008 at 05:55:38PM +0200, Benjamin Larsson wrote:
>> Michael Niedermayer wrote:
>>> On Fri, Jul 18, 2008 at 10:52:23PM +0200, Benjamin Larsson wrote:
>>>> 1 static overrun and 1 null pointer dereference. They are small so I
>>>> attached both. These will close Coverity bugs: 68 and 112. Regarding the
>>>> overrun this will only make sure we don't over read. I don't know what
>>>> the correct fix is. And this code is never run also.
>>>>
>>>> MvH
>>>> Benjamin Larsson
>>>> Index: libavcodec/qdm2.c
>>>> ===================================================================
>>>> --- libavcodec/qdm2.c	(revision 14282)
>>>> +++ libavcodec/qdm2.c	(working copy)
>>>> @@ -1452,6 +1452,9 @@
>>>>          max = min;
>>>>  
>>>>          /* check for errors (?) */
>>>> +        if (!packet)
>>>> +            return;
>>>> +
>>>>          if (i == 0 && (packet->type < 16 || packet->type >= 48 || fft_subpackets[packet->type - 16]))
>>>>              return;
>>>>  
>>> ok
>>>
>>>
>>>> Index: libavcodec/qdm2.c
>>>> ===================================================================
>>>> --- libavcodec/qdm2.c	(revision 14282)
>>>> +++ libavcodec/qdm2.c	(working copy)
>>>> @@ -704,7 +704,7 @@
>>>>                          if (add4 < 0)
>>>>                              add4 = 0;
>>>>                      }
>>>> -                    tmp = tone_level_idx[ch][sb][j + 1] * 2 - add4 - add3 - add2 - add1;
>>>> +                    tmp = tone_level_idx[ch][sb][FFMAX(j + 1,63)] * 2 - add4 - add3 - add2 - add1;
>>>>                      if (tmp < 0)
>>>>                          tmp = 0;
>>>>                      tone_level_idx_temp[ch][sb][j + 1] = tmp & 0xff;
>>> isnt the last line writing out of the array?
>>>
>>> [...]
>>>
>> Obviously I missed it...
>>
>> Is this patch ok ?
> 
> i really doubt the FFMIN is correct, what about just decreasing 64->63
> in the loop? With a comment why it was changed?
> 

Done.

MvH
Benjamin Larsson




More information about the ffmpeg-devel mailing list