[Ffmpeg-devel] Re: Suspicious code in xine-lib CVS from 2006-04-16 18:43
Michael Niedermayer
michaelni
Tue May 30 01:08:20 CEST 2006
Hi
On Mon, May 29, 2006 at 11:07:25PM +0200, Christoph Bartoschek wrote:
> Hi,
>
> I answer you directly and not to the mailing list because I do not read it.
> You might forward it to the mailing list if you want to inform the others.
[...]
> > > - src/libffmpeg/libavcodec/asv1.c:293
> > >
> > > When line 287 is true then ccp becomes 8 and the access is out of
> > > bounds.
> >
> > your checker has the same bug as coverity, this isn't possible
>
> How should one see that "i==0" and "(block[index + 0] = (block[index +
> 0]*a->q_intra_matrix[index + 0] + (1<<15))>>16)" cannot be true at the same
> time?
elementary school math
static const uint8_t scantab[64]={
    0x00,0x08,0x01,0x09,0x10,0x18,0x11,0x19,
    ...
};
...
    block[0]= 0;
    for(i=0; i<=count; i++){
        const int index= scantab[4*i];      i==0 -> index = scantable[0] -> index = 0
        int ccp=0;
        if( (block[index + 0] = (block[index + 0]*a->q_intra_matrix[index + 0] + (1<<15))>>16) ) ccp |= 8;
->      if( (block[ 0] = (block[ 0]*a->q_intra_matrix[ 0] + (1<<15))>>16) ) ccp |= 8;
->      if( (block[ 0] = ( 0*a->q_intra_matrix[ 0] + (1<<15))>>16) ) ccp |= 8;
->      if( (block[ 0] = ( (1<<15))>>16) ) ccp |= 8;
->      if( (block[ 0] = 0 ) ) ccp |= 8;
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is
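
The infeasibility argument in the mail above, checked by brute force. This is an added example, not part of the original mail or of the xine-lib/FFmpeg source; the function names, the `int` type used for the quantizer entry and the input ranges are assumptions made for the check.

```c
#include <stdint.h>
#include <stdio.h>

/* Only scantab[0] matters for i == 0; the mail elides most other entries. */
static const uint8_t scantab0 = 0x00;

/* First loop iteration (i == 0) of the quoted code, isolated.
 *   dc         : value in block[0] before the loop (constructed input)
 *   q          : stand-in for a->q_intra_matrix[0] (type is an assumption)
 *   dc_cleared : nonzero models the "block[0]= 0;" line before the loop
 * Returns ccp after the first guard. */
static int ccp_after_first_guard(int16_t dc, int q, int dc_cleared)
{
    int16_t block[64] = {0};
    block[0] = dc;
    if (dc_cleared)
        block[0] = 0;

    const int index = scantab0;            /* scantab[4*0] */
    int ccp = 0;
    if ((block[index + 0] = (block[index + 0] * q + (1 << 15)) >> 16))
        ccp |= 8;
    return ccp;
}

/* Count (dc, q) pairs for which the reported path "i == 0 and ccp has
 * bit 8 set" is reachable. Ranges are constructed and kept non-negative
 * and small enough that the product cannot overflow int. */
static long reachable_paths(int dc_cleared)
{
    long hits = 0;
    for (int dc = 0; dc <= 2047; dc++)
        for (int q = 0; q <= 65535; q += 257)
            if (ccp_after_first_guard((int16_t)dc, q, dc_cleared) & 8)
                hits++;
    return hits;
}

int main(void)
{
    printf("with block[0]= 0   : %ld reachable\n", reachable_paths(1));
    printf("without block[0]= 0: %ld reachable\n", reachable_paths(0));
    return 0;
}
```

The path is unreachable only because `block[0]` is cleared before the loop and `scantab[0]` is 0; a checker that does not track those two values across the loop entry will report it.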