[Ffmpeg-devel] Stack overflow patch

Michael Niedermayer michaelni
Fri Mar 2 03:12:58 CET 2007


Hi

On Thu, Mar 01, 2007 at 02:29:48PM -0800, Kristian Amlie wrote:
> Hey!
> 
> This patch fixes ffmpeg so that av_find_stream_info() can be called
> from MSVC++ without causing a stack overflow. It does so by replacing
> the auto array "duration_error" with a malloced array.
> 
> I hope it's useful!
> 
> Regards
> Kristian Amlie

> --- ffmpeg-export-2007-03-01.bak/libavformat/utils.c	Thu Mar  1 13:14:34 2007
> +++ ffmpeg-export-2007-03-01/libavformat/utils.c	Thu Mar  1 13:22:00 2007
> @@ -1814,9 +1814,16 @@
>      AVPacketList *pktl=NULL, **ppktl;
>      int64_t last_dts[MAX_STREAMS];
>      int duration_count[MAX_STREAMS]={0};
> -    double duration_error[MAX_STREAMS][MAX_STD_TIMEBASES]={{0}}; //FIXME malloc()?
> +    double *duration_error[MAX_STREAMS];
>      offset_t old_offset = url_ftell(&ic->pb);
>  
> +    // Equivalent to double duration_error[MAX_STREAMS][MAX_STD_TIMEBASES];
> +    duration_error[0] = av_mallocz(MAX_STREAMS * MAX_STD_TIMEBASES * sizeof(double));
> +    if (!duration_error) return AVERROR_NOMEM;
> +    for (i=1;i<MAX_STREAMS;i++) {
> +        duration_error[i] = duration_error[i-1] + MAX_STD_TIMEBASES;
> +    }
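
Review bot: The allocation check `if (!duration_error) return AVERROR_NOMEM;` tests the array object itself, which lives on the stack and is never NULL, so a failed av_mallocz() goes undetected and the loop that follows derives every other row pointer from a NULL base. Test `duration_error[0]` instead. The visible lines also show no av_free() for the new buffer, so each return path of the function needs one. Declaring a single pointer to array, `double (*duration_error)[MAX_STD_TIMEBASES]`, would keep the existing two-dimensional indexing and make the row-pointer loop unnecessary.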

rejected, learn C; what you write is an array of pointers, what it should be
is a pointer to array, the difference is that it's about 5 times less code

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates