[Ffmpeg-devel] [PATCH] off-by-one errors in rangecoder.c and truemotion1.c

Wed Mar 8 22:33:26 CET 2006

Hi,
please have a look at the attached patch. Since there are only 17 known
compression types starting with 0, compression type == 17 is not valid.
Not so sure about the right fix for the rangecoder problem though (since
I have no real idea what the code does ;-) )
And while I'm at it: maybe some of you can have a look at
scan.coverity.com, some of their results are quite helpful (some of
course aren't - but in case you have time to waste *g*)

Greetings,
Reimar D?ffinger
-------------- next part --------------
Index: libavcodec/truemotion1.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/truemotion1.c,v
retrieving revision 1.15
diff -u -r1.15 truemotion1.c

--- libavcodec/truemotion1.c	12 Jan 2006 22:43:17 -0000	1.15
+++ libavcodec/truemotion1.c	8 Mar 2006 21:25:53 -0000
@@ -388,7 +388,7 @@
         }
     }
 
-    if (header.compression > 17) {
+    if (header.compression >= 17) {
         av_log(s->avctx, AV_LOG_ERROR, "invalid compression type (%d)\n", header.compression);
         return -1;
     }
-------------- next part --------------
Index: libavcodec/rangecoder.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/rangecoder.c,v
retrieving revision 1.5
diff -u -r1.5 rangecoder.c
--- libavcodec/rangecoder.c	12 Jan 2006 22:43:16 -0000	1.5
+++ libavcodec/rangecoder.c	8 Mar 2006 21:33:07 -0000
@@ -111,7 +111,7 @@
     }
 
     for(i=0; i<256; i++)
-        c->zero_state[i]= 256-c->one_state[256-i];
+        c->zero_state[i]= 255-c->one_state[255-i];
 #if 0
     for(i=0; i<256; i++)
         av_log(NULL, AV_LOG_DEBUG, "%3d %3d\n", i, c->one_state[i]);

