[Ffmpeg-devel] Re: [xine-devel] Suspicious code in xine-lib CVS from 2006-04-16 18:43

Roberto Togni r_togni
Mon May 29 22:19:38 CEST 2006


On Mon, 29 May 2006 19:16:13 +0200
Michael Niedermayer <michaelni at gmx.at> wrote:

[...]
> > 
> > - src/libffmpeg/libavcodec/qdm2.c:1473,1476,1478
> > 
> > Variable i already controls the loop in line 1439.
> 
> yep that doesnt look good, ill leave this and the other qdm2.c issues to the 
> qdm2.c author/maintainer
> 

Fixed

> 
> > 
> > - src/libffmpeg/libavcodec/qdm2.c:541 
> > 
> > If coding_method[ch][sb][j] - 8 is between 15 and 22 then
> > coding_method[ch][sb][j] is between 23 and 30 and you access beyond
> > array bounds here, because switchtable has only 23 entries.
> 

Under checking, even if the author of this part told me that the
code is never executed for all known samples.

[...]
> > ------------------------------------
> > Problems involving the NULL pointer:
> > ------------------------------------
> > 
> > - src/libffmpeg/libavcodec/qdm2.c:1454
> > 
> > If line 1447 is never executed, then packet is NULL here.
> > 

Can't happen. A packet on list B has type from 16 to 47 (not all
values in the range are valid), and that code is executed only if list
B is not empty. So there will always be a packet that satisfy the
condition (> 0 and < 256).
what can be suspicious is the "check for error" condition, since it
should never be true.

[...]
> > - src/libffmpeg/libavcodec/rpza.c:159

That code is correct. See comment at line 122 about abusing opcode 0x20
to enter that case without altering colorA (already assigned).

[...]

Ciao,
 Roberto




More information about the ffmpeg-devel mailing list