[Ffmpeg-devel] [RFC] Fraps v2 support

Michael Niedermayer michaelni
Sat Nov 4 11:57:15 CET 2006


Hi

On Sat, Nov 04, 2006 at 08:04:12AM +0200, Kostya wrote:
[...]
> > > +        }
> > 
> > there is a possible problem here, and that is that the sum of the 2 counts
> > can overflow, if it does then this loop will reorder too many elements 
> > and by doing that trash the n0/n1 pointers which then a few lines later
> > could lead to a stack overflow due to the recursive vlc building being
> > run on a tree which isn't one as it contains a loop from the corruption
> 
> Added an explicit check for that

well, as the counts are added recursively, the check is insufficient to
prevent overflow and corrupting the pointer structure, though I don't know
if it can lead to loops (I failed to find an example where it did).
Also keep in mind that the SWAP check is currently signed, not unsigned;
if it were unsigned the overflows would happen a few iterations later ...

0x40000000
0x40000000

0x40000000
0x40000000
0x80000000 (overflow if signed compare, this will be moved up incorrectly)
--------------
0x40000000
0x40000000
0x40000000
0x40000000

0x40000000
0x40000000
0x40000000
0x40000000
0x80000000 

0x40000000
0x40000000
0x40000000
0x40000000
0x80000000 
0x80000000 

0x40000000
0x40000000
0x40000000
0x40000000
0x80000000 
0x80000000 
0x00000000 (overflow if unsigned compare, this will be moved up incorrectly)


[...]
> +    for(i = 0; i < 511; i += 2){
> +        s->nodes[cur_node].sym = HNODE;
> +        s->nodes[cur_node].count = s->nodes[i].count + s->nodes[i+1].count;
> +        s->nodes[cur_node].n0 = i;
> +        for(j = cur_node; j > 0; j--){
> +            if(s->nodes[j].count >= s->nodes[j - 1].count) break;
> +            FFSWAP(Node, s->nodes[j], s->nodes[j - 1]);
> +        }
> +        cur_node++;
> +    }
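Review bot: the overflow concern still applies to `s->nodes[cur_node].count = s->nodes[i].count + s->nodes[i+1].count;` in this hunk: every internal node's count is a partial sum of the leaf counts, so a check on one addition cannot bound the root, and with the signed `>=` compare an overflowed (negative) sum sinks below index i + 2, displacing nodes that earlier n0 values already point at. Summing all leaf counts once in a 64-bit type before this loop and rejecting the frame if the total does not fit the count type bounds every intermediate sum at once; as a cheap secondary assertion, the inner loop should never leave j below i + 2, since without overflow the new node is never smaller than either child. Separately, `i < 511` with `i += 2` makes the last iteration (i = 510) read `s->nodes[511]`; if there are 256 leaves (511 nodes) the root is already complete at index 510, so either stop at i < 510 or confirm the extra slot exists and is initialised.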


[...]
> +        offs[planes] = buf_size;
> +        for(i = 0; i < planes; i++){
> +            ss = !!i;
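Review bot: `offs[planes] = buf_size;` serves as the end marker of the offset table, but nothing in this hunk validates the entries before it; if plane lengths are later derived from consecutive entries, check first that offs[0..planes-1] are non-decreasing and no larger than buf_size, otherwise a crafted header yields a negative or oversized plane length.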

I'd suggest renaming ss to is_chroma for readability.

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for merely telling someone where the library is
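The overflow discussed above, as an added example that is not part of the thread and not Fraps or FFmpeg code: a tree-building loop in the same shape as the quoted hunk, with the guard the discussion calls for (sum all leaf counts once in 64 bits and reject the frame if the total does not fit the count type, which bounds every recursive sum at once), a secondary check that the new node never sinks below its own children, and a walker that verifies the result really is a tree before anything recurses into it. The Node layout, the HNODE marker, the int32 count type and the constructed inputs are assumptions made for this demonstration.

```c
/* Added example (not Fraps/FFmpeg code). Node layout, HNODE and the int32 count are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define NB_LEAVES 256
#define NB_NODES  (2 * NB_LEAVES - 1)   /* 256 leaves + 255 internal nodes, root at index 510 */
#define HNODE     (-1)                  /* sym value that marks an internal node */

typedef struct Node {
    int16_t  sym;    /* leaf symbol 0..255, or HNODE */
    int32_t  count;  /* signed, matching the patch's signed SWAP compare */
    uint16_t n0;     /* index of the first child; the second child is n0 + 1 */
} Node;

static void swap_nodes(Node *a, Node *b) { Node t = *a; *a = *b; *b = t; }

static void sort_leaves(Node *nodes)   /* insertion sort of the leaves by ascending count */
{
    for (int i = 1; i < NB_LEAVES; i++)
        for (int j = i; j > 0 && nodes[j].count < nodes[j - 1].count; j--)
            swap_nodes(&nodes[j], &nodes[j - 1]);
}

/* Returns the root index, -1 if guard_total is set and the leaf counts sum past
 * INT32_MAX, -2 if the sorted-array invariant broke during construction. */
int build_tree(const uint32_t counts[NB_LEAVES], Node nodes[NB_NODES], int guard_total)
{
    uint64_t total = 0;
    for (int i = 0; i < NB_LEAVES; i++) {
        total += counts[i];
        nodes[i] = (Node){ (int16_t)i, (int32_t)counts[i], 0 };
    }
    /* Every internal count is a partial sum of the leaf counts, so bounding the
     * total bounds all of them; checking one addition at a time cannot. */
    if (guard_total && total > INT32_MAX)
        return -1;
    sort_leaves(nodes);

    int cur = NB_LEAVES;
    for (int i = 0; i + 1 < cur; i += 2) {   /* 255 iterations, the root ends at cur - 1 */
        nodes[cur].sym = HNODE;
        /* unsigned add then cast: defined wraparound, so the unguarded path shows the failure */
        nodes[cur].count = (int32_t)((uint32_t)nodes[i].count + (uint32_t)nodes[i + 1].count);
        nodes[cur].n0    = (uint16_t)i;
        int j;
        for (j = cur; j > 0; j--) {
            if (nodes[j].count >= nodes[j - 1].count)
                break;
            swap_nodes(&nodes[j], &nodes[j - 1]);
        }
        /* Without overflow the new node is >= both children and stops at or above i + 2;
         * an overflowed, negative sum sinks lower and displaces nodes that n0 links use. */
        if (j < i + 2)
            return -2;
        cur++;
    }
    return cur - 1;
}

/* Confirm the result is a tree over exactly 256 leaves before anything recurses
 * into it: children below parents, counts add up, every leaf reached once. */
static int walk(const Node *nodes, int idx, int depth, uint8_t *seen, int *leaves)
{
    if (depth > NB_LEAVES)
        return 0;
    if (nodes[idx].sym != HNODE) {
        if (nodes[idx].sym < 0 || nodes[idx].sym >= NB_LEAVES || seen[nodes[idx].sym]++)
            return 0;
        (*leaves)++;
        return 1;
    }
    int c0 = nodes[idx].n0, c1 = c0 + 1;
    if (c1 >= idx || nodes[idx].count != nodes[c0].count + nodes[c1].count)
        return 0;
    return walk(nodes, c0, depth + 1, seen, leaves) && walk(nodes, c1, depth + 1, seen, leaves);
}

int validate_tree(const Node nodes[NB_NODES], int root)
{
    uint8_t seen[NB_LEAVES] = {0};
    int leaves = 0;
    return root >= 0 && root < NB_NODES && walk(nodes, root, 0, seen, &leaves) && leaves == NB_LEAVES;
}

/* Constructed inputs: benign skewed counts, or 256 * 2^24 = 2^32, which does not
 * fit int32 even though each single addition below the top level does. Returns
 * build_tree's error code, or 1 when the build gives a consistent tree at the root. */
int demo(int overflowing, int guard_total)
{
    Node nodes[NB_NODES];
    uint32_t counts[NB_LEAVES];
    for (int i = 0; i < NB_LEAVES; i++)
        counts[i] = overflowing ? 0x01000000u : (uint32_t)(i % 7) + 1;
    int root = build_tree(counts, nodes, guard_total);
    return root < 0 ? root : (root == NB_NODES - 1 && validate_tree(nodes, root));
}

int main(void)
{
    printf("benign %d, guarded %d, unguarded %d\n", demo(0, 1), demo(1, 1), demo(1, 0));
    return 0;
}
```

With the guard on, the 2^32 input is rejected up front; with it off, the sums stay in range through six levels of pairing and only wrap at the top, where the negative node sinks to index 0 and the j < i + 2 check catches the displacement that would otherwise leave n0 pointing at the wrong nodes.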
