[Ffmpeg-devel] Re: [xine-devel] Suspicious code in xine-lib CVS from 2006-04-16 18:43
Roberto Togni
r_togni
Mon May 29 22:19:38 CEST 2006
On Mon, 29 May 2006 19:16:13 +0200
Michael Niedermayer <michaelni at gmx.at> wrote:
[...]
> >
> > - src/libffmpeg/libavcodec/qdm2.c:1473,1476,1478
> >
> > Variable i already controls the loop in line 1439.
>
> yep, that doesn't look good, I'll leave this and the other qdm2.c issues to the
> qdm2.c author/maintainer
>
Fixed
>
> >
> > - src/libffmpeg/libavcodec/qdm2.c:541
> >
> > If coding_method[ch][sb][j] - 8 is between 15 and 22 then
> > coding_method[ch][sb][j] is between 23 and 30 and you access beyond
> > array bounds here, because switchtable has only 23 entries.
>
Under checking, even if the author of this part told me that the
code is never executed for all known samples.
[...]
> > ------------------------------------
> > Problems involving the NULL pointer:
> > ------------------------------------
> >
> > - src/libffmpeg/libavcodec/qdm2.c:1454
> >
> > If line 1447 is never executed, then packet is NULL here.
> >
Can't happen. A packet on list B has type from 16 to 47 (not all
values in the range are valid), and that code is executed only if list
B is not empty. So there will always be a packet that satisfies the
condition (> 0 and < 256).
What can be suspicious is the "check for error" condition, since it
should never be true.
[...]
> > - src/libffmpeg/libavcodec/rpza.c:159
That code is correct. See comment at line 122 about abusing opcode 0x20
to enter that case without altering colorA (already assigned).
[...]
Ciao,
Roberto
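
The qdm2.c:541 report quoted above can be checked by brute force. This is an added example, not code from xine-lib or FFmpeg. It assumes the range check is made on the value minus 8 while the table is indexed with the raw value, as the report's arithmetic implies; all function names and the 0..255 input range are constructed for illustration.

```c
#include <stdio.h>

#define TABLE_LEN 23  /* "switchtable has only 23 entries" (from the report) */
#define OFFSET     8  /* the "- 8" in the reported expression */

/* Assumed guard: accept v when 0 <= v - 8 <= 22 (hypothetical reconstruction). */
static int guard_accepts(int v)
{
    return v - OFFSET >= 0 && v - OFFSET <= TABLE_LEN - 1;
}

/* Index as described in the report: the raw value, not the shifted one. */
static int index_unshifted(int v) { return v; }

/* Index that matches the guard: the same shifted value the check used. */
static int index_shifted(int v) { return v - OFFSET; }

typedef int (*index_fn)(int);

/* Try every value in a constructed 0..255 input range. Count the values that
 * pass the guard yet produce an index outside the table, and report the
 * first and last such value (-1 when there is none). */
static int audit(index_fn idx, int *first, int *last)
{
    int count = 0;
    *first = *last = -1;
    for (int v = 0; v < 256; v++) {
        if (!guard_accepts(v))
            continue;
        int i = idx(v);
        if (i < 0 || i >= TABLE_LEN) {
            if (count == 0)
                *first = v;
            *last = v;
            count++;
        }
    }
    return count;
}

int main(void)
{
    int first, last;
    int n = audit(index_unshifted, &first, &last);
    printf("raw index:     %d out-of-bounds values (%d..%d)\n", n, first, last);
    n = audit(index_shifted, &first, &last);
    printf("shifted index: %d out-of-bounds values\n", n);
    return 0;
}
```
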