[FFmpeg-devel] [PATCH] ALS decoder

Michael Niedermayer michaelni
Thu Sep 3 15:04:19 CEST 2009 

On Thu, Sep 03, 2009 at 01:58:11AM +0200, Thilo Borgmann wrote:
[...]
> > 
> >> +        av_log(ctx->avctx, AV_LOG_WARNING,
> >> +               "Reading frame data failed. Skipping RA unit.\n");
> >> +
> >> +    // increment the frame counter
> >> +    ctx->frame_id++;
> >> +
> >> +    // transform decoded frame into output format
> >> +    #define INTERLEAVE_OUTPUT(bps)                                 \
> >> +    {                                                              \
> >> +        int##bps##_t *dest = (int##bps##_t*) data;                 \
> >> +        shift = bps - ctx->avctx->bits_per_raw_sample;             \
> >> +        for (sample = 0; sample < ctx->cur_frame_length; sample++) \
> >> +            for (c = 0; c < avctx->channels; c++)                  \
> >> +                *dest++ = ctx->raw_samples[c][sample] << shift;    \
> >> +    }
> >> +
> >> +    if (ctx->avctx->bits_per_raw_sample <= 16) {
> >> +        INTERLEAVE_OUTPUT(16)
> >> +    } else {
> >> +        INTERLEAVE_OUTPUT(32)
> >> +    }
> >> +
> >> +    *data_size = ctx->cur_frame_length * avctx->channels
> >> +                 * (av_get_bits_per_sample_format(avctx->sample_fmt) >> 3);
> > 
> > data_size is not checked before writing into the buffer
> > 
> > 
> > ...
> > 
> >> +    // check for size of decoded data
> >> +    data_size = sconf->frame_length * avctx->channels *
> >> +                (av_get_bits_per_sample_format(avctx->sample_fmt) >> 3);
> >> +
> >> +    if (data_size > INT_MAX) {
> >> +        av_log(avctx, AV_LOG_ERROR, "Decoded data exceeds buffer size.\n");
> >> +        decode_end(avctx);
> >> +        return -1;
> >> +    }
> > 
> > whatever this check should do it doesnt work, it wont ever be true as the
> > multiplications are using int not int64
> 
> I did this to check data_size before writing into the buffer - you
> already complained about this. Ok it is wrong as-is but is this a valid
> test for the case mentioned above if done correctly (MUL64()) or not?

its not
what is missing is a
if(the_number_of_samples_i_will_write > *data_size)

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090903/94583e46/attachment.pgp>

More information about the ffmpeg-devel mailing list