[Ffmpeg-devel] ffplay broken in latest svn

Michael Niedermayer michaelni
Tue Jan 9 18:38:30 CET 2007


Hi

On Tue, Jan 09, 2007 at 02:36:16PM +0200, Nikns Siankin wrote:
> On Tue, Jan 09, 2007 at 01:48:30PM +0200, Nikns Siankin wrote:
> >On Tue, Jan 09, 2007 at 10:50:22AM -0000, Wolfram Gloger wrote:
> >>Hi,
> >>
> >>> --- libavformat/utils.c.orig	Tue Jan  2 22:35:46 2007
> >>> +++ libavformat/utils.c	Tue Jan  9 11:54:36 2007
> >>> @@ -1784,7 +1784,7 @@ int av_find_stream_info(AVFormatContext 
> >>>      AVPacketList *pktl=NULL, **ppktl;
> >>>      int64_t last_dts[MAX_STREAMS];
> >>>      int duration_count[MAX_STREAMS]={0};
> >>> -    double duration_error[MAX_STREAMS][MAX_STD_TIMEBASES]={{0}}; //FIXME malloc()?
> >>> +    double (*duration_error)[MAX_STD_TIMEBASES] = av_mallocz(MAX_STREAMS * MAX_STD_TIMEBASES * sizeof(duration_error));
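
Review bot: on the added line the size is computed with sizeof(duration_error), and duration_error is declared as a pointer to an array, so the product uses the size of a pointer instead of sizeof(double). Where a pointer is narrower than a double, the buffer is too small for the duration_error[i][j] indexing that the removed stack array allowed. Suggest av_mallocz(MAX_STREAMS * sizeof(*duration_error)), which stays correct if the element type changes. The quoted hunk also shows no NULL check on the av_mallocz result and no matching av_free; both are needed now that this is heap memory instead of a stack array.
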
> >>
> >>Ahem, this, without any further pointer initialization, cannot
> >>possibly be correct, the first duration_error[i][j] dereference will
> >>crash, also I think the sizeof(duration_error) (==
> >>MAX_STD_TIME_BASES*sizeof(double*) in this case) is probably
> >>unintentionally large..
> >
> >sizeof(duration_error) != MAX_STD_TIME_BASES*sizeof(double*)
> >sizeof(duration_error) == sizeof(double*)
> 
> And that's why it will be unintentionally small... for 32bit platforms,
> because we need to allocate space for doubles not pointers to doubles.
> Correct patch:

patch looks ok assuming regression tests pass

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle 
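
The sizeof question argued in the thread above, as an added example that is not part of the original messages or of FFmpeg's code: it compares the size expression from the first patch with the size the table needs and with the sizeof(*ptr) idiom, then allocates the table with an overflow check. N_STREAMS, N_TIMEBASES, row_t and the function names are placeholders chosen here; the page does not give the real dimensions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Placeholder dimensions chosen for this example; the page does not give the real values. */
#define N_STREAMS   20
#define N_TIMEBASES 725

typedef double row_t[N_TIMEBASES];            /* one row of the table */

/* Size expression from the first patch: sizeof applied to the pointer itself. */
static size_t size_using_pointer(void) {
    row_t *tbl = NULL;                        /* same type as double (*tbl)[N_TIMEBASES] */
    return (size_t)N_STREAMS * N_TIMEBASES * sizeof(tbl);
}

/* Bytes actually needed for tbl[i][j] over every stream i and timebase j. */
static size_t size_required(void) {
    return (size_t)N_STREAMS * N_TIMEBASES * sizeof(double);
}

/* Idiomatic form: row count times the size of the pointed-to row. */
static size_t size_using_row(void) {
    row_t *tbl = NULL;
    return (size_t)N_STREAMS * sizeof(*tbl);
}

/* Bytes missing if the pointer-based size is used (0 where pointers are as wide as double). */
static size_t shortfall(void) {
    size_t need = size_required(), got = size_using_pointer();
    return need > got ? need - got : 0;
}

/* Zero-filled rows x N_TIMEBASES table; NULL on size overflow or allocation failure. */
static row_t *alloc_table(size_t rows) {
    if (rows == 0 || rows > SIZE_MAX / sizeof(row_t))
        return NULL;
    return calloc(rows, sizeof(row_t));
}

int main(void) {
    row_t *tbl = alloc_table(N_STREAMS);
    if (!tbl)
        return 1;
    tbl[N_STREAMS - 1][N_TIMEBASES - 1] = 1.0;   /* last element is in bounds */
    printf("required=%zu pointer-based=%zu short by=%zu\n",
           size_required(), size_using_pointer(), shortfall());
    free(tbl);
    return 0;
}
```

Building the same file for a 32-bit target (for example with -m32 where the toolchain supports it) makes the shortfall non-zero, because pointers there are half the width of a double.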