[Ffmpeg-devel] [PATCH] THP PCM decoder (GSoC Qualification)
Michael Niedermayer
michaelni
Sat Apr 7 16:44:03 CEST 2007
Hi
On Sat, Apr 07, 2007 at 03:35:29PM +0200, Marco Gerards wrote:
> Michael Niedermayer <michaelni at gmx.at> writes:
>
> Hi,
>
> > Hi
> >
> > On Sat, Apr 07, 2007 at 02:17:40PM +0200, Marco Gerards wrote:
> >> Michael Niedermayer <michaelni at gmx.at> writes:
> >>
> >> Hi,
> >>
> >> [...]
> >>
> >> >> + /* Initialize the previous sample. */
> >> >> + for (ch = 0; ch < 2; ch++) {
> >> >> + prev1[ch] = get_sbits(&gb, 16);
> >> >> + prev2[ch] = get_sbits(&gb, 16);
> >> >> + }
> >> >> +
> >> >> + if (samples + samplecnt * (st + 1L) >= samples_end) {
> >> >> + av_log(avctx, AV_LOG_ERROR, "allocated output buffer is too small\n");
> >> >> + return -1;
> >> >> + }
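Review bot: the output-size test `samples + samplecnt * (st + 1L) >= samples_end` at the end of this hunk is not overflow-safe. Both the multiplication and the pointer addition can wrap for a large samplecnt, and the wrapped result then compares as smaller than samples_end, so an oversized count passes. Compare the count against the remaining space instead and keep the arithmetic on the buffer side, for example `samplecnt >= (samples_end - samples) / (st + 1)`, so that no intermediate value depends on samplecnt being small.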
> >> >
> >> > this check is still insufficient
> >> > samplecnt= 0xFFFFFFFF, st=0 will amongst many others still pass as long as
> >> > pointers are 32bit (yeah 32bit systems are still the majority AFAIK)
> >> > and on 64bit it's a gamble if random pointer + 0xFFFFFFFF will overflow
> >> > probably it won't but that's just luck
> >>
> >> How about:
> >> if (samplecnt * (st + 1L) >= samples_end - samples) {
> >>     av_log(avctx, AV_LOG_ERROR, "allocated output buffer is too small\n");
> >>     return -1;
> >> }
> >>
> >> In that case I think no bad stuff will happen.
> >
> > on 32bit systems, long and int are 32bit
> >
> > 0x80000000 * (1 + 1L) >= samples_end - samples
> > 0x80000000 * 2L >= samples_end - samples
> > 0 >= samples_end - samples
>
> Ah, I finally see why we are misunderstanding each other, or at least
> why I wasn't understanding you. I was, for some reason, convinced
> long is 64 bits on all systems. I have a 64-bit system here and I
> couldn't reproduce any problem. Here is a new patch in which I move
> the division to the other side (like Rich said).
patch looks ok
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The misfortune of the wise is better than the prosperity of the fool.
-- Epicurus
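
The three forms of the bounds check discussed in this thread, as an added example that is not part of the original message, the patch, or FFmpeg. It assumes a simplified model: uint32_t stands in for 32-bit int, long and pointers, positions are counted in samples, and the function names and buffer positions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not FFmpeg code. uint32_t stands in for a platform where
 * int, long and pointers are all 32 bits. Positions are counted in samples;
 * st is 0 for mono and 1 for stereo, as in the thread. Return 1 = reject. */

/* First check: samples + samplecnt * (st + 1L) >= samples_end */
static int too_small_add32(uint32_t samples, uint32_t samplecnt, int st,
                           uint32_t samples_end)
{
    uint32_t end_pos = samples + samplecnt * (uint32_t)(st + 1); /* can wrap */
    return end_pos >= samples_end;
}

/* Second check: samplecnt * (st + 1L) >= samples_end - samples */
static int too_small_mul32(uint32_t samplecnt, int st, uint32_t avail)
{
    uint32_t needed = samplecnt * (uint32_t)(st + 1); /* product can wrap */
    return needed >= avail;
}

/* Division on the buffer side: no intermediate value can overflow. It is
 * slightly conservative when avail is odd, but never accepts too many. */
static int too_small_div(uint32_t samplecnt, int st, uint32_t avail)
{
    return samplecnt >= avail / (uint32_t)(st + 1);
}

int main(void)
{
    const uint32_t samples = 0x1000u, samples_end = 0x2000u; /* constructed */
    const uint32_t avail = samples_end - samples;            /* 4096 slots */
    /* Constructed inputs: one sane count, then the two values from the thread. */
    static const struct { uint32_t cnt; int st; } in[] = {
        { 1000u, 1 }, { 0xFFFFFFFFu, 0 }, { 0x80000000u, 1 },
    };
    puts("samplecnt   st  add32 mul32 div   (1 = rejected)");
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("0x%08x  %d   %d     %d     %d\n", (unsigned)in[i].cnt, in[i].st,
               too_small_add32(samples, in[i].cnt, in[i].st, samples_end),
               too_small_mul32(in[i].cnt, in[i].st, avail),
               too_small_div(in[i].cnt, in[i].st, avail));
    return 0;
}
```

Only the division form rejects both oversized counts; the other two each let one of them through.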