[FFmpeg-devel] [HACK] fix CAVS decoder crashes
Michael Niedermayer
michaelni
Mon Dec 13 13:55:01 CET 2010
On Mon, Dec 13, 2010 at 08:32:03AM +0100, Stefan Gehrer wrote:
> On 12/12/2010 05:04 PM, Reimar D?ffinger wrote:
[...]
>> Index: libavcodec/cavsdec.c
>> ===================================================================
>> --- libavcodec/cavsdec.c (revision 25928)
>> +++ libavcodec/cavsdec.c (working copy)
>> @@ -122,7 +122,7 @@
>>
>> for(i=0;i<65;i++) {
>> level_code = get_ue_code(gb,r->golomb_order);
>> - if(level_code>= ESCAPE_CODE) {
>> + if(level_code>= ESCAPE_CODE || level_code< 0) {
>> run = ((level_code - ESCAPE_CODE)>> 1) + 1;
>> esc_code = get_ue_code(gb,esc_golomb_order);
>> level = esc_code + (run> r->max_run ? 1 : r->level_add[run]);
>
> get_ue_golomb() from golomb.h and get_ue_code() should probably be fixed
> to return unsigned values, the negative values don't have any meaning.
that wont change anything, esc_codes signed ness is what would make a difference
but this too wont fix it as 'esc_code +' will overflow
what is missing is a check that the value is within valid range
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No great genius has ever existed without some touch of madness. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101213/4bda3732/attachment.pgp>
More information about the ffmpeg-devel
mailing list