[Ffmpeg-devel] [PATCH] DXA demuxer and decoder

Kostya kostya.shishkov
Wed Mar 14 15:51:20 CET 2007


On Tue, Mar 13, 2007 at 11:39:52PM +0100, Michael Niedermayer wrote:
> Hi
> 
> On Tue, Mar 13, 2007 at 08:27:23PM +0200, Kostya wrote:
> [...]
> 
> [configure/makefile stuff I don't maintain ...]

[...]
> > +    *data_size = sizeof(AVFrame);
> > +    *(AVFrame*)data = c->pic;
> > +
> > +    avctx->release_buffer(avctx, &c->prev);
> > +    c->prev = c->pic;
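
Review bot: the struct assignment `c->prev = c->pic;` on the last line of this hunk leaves two AVFrame structs holding the same buffer pointers, so releasing both later would release the same buffer twice. Swap the two frames rather than copying one over the other. release_buffer is also called on c->prev with no check in these lines that it currently holds a buffer, so guard it on c->prev.data[0] being set.
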
> 
> please use FFSWAP, instead of duplicating the AVFrame, I've a bad feeling
> about this, it has the potential for memleaks and other weirdness
> this also makes c->pic.data[0] = NULL; unneeded

done 
 
> [...]
> > +    c->pic.data[0] = NULL;
> 
> please remove this, if it's not NULL that's a bug, the NULL check is a feature
> to detect messup with allocating and deallocating avframes ...

done

> [...]
> > +            if(av_new_packet(pkt, 4 + pal_size) < 0)
> > +                return AVERROR_NOMEM;
> 
> > +            pkt->size = 4 + pal_size;
> 
> hmm what does that do?

yes, it's redundant, removed
 
> 
> > +            pkt->stream_index = c->has_sound;
> 
> if you create the mandatory video stream first then video would always be 0
> and audio if it exists always 1

done

> [...]
> > +            get_buffer(&s->pb, buf + 4, DXA_EXTRA_SIZE - 4);
> > +            size = AV_RB32(buf + 5);
> > +            if(av_new_packet(pkt, size + DXA_EXTRA_SIZE + pal_size) < 0)
> > +                return AVERROR_NOMEM;
> > +            memcpy(pkt->data + pal_size, buf, DXA_EXTRA_SIZE);
> > +            ret = get_buffer(&s->pb, pkt->data + DXA_EXTRA_SIZE + pal_size, size);
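
Review bot: size comes straight from the file via AV_RB32 and is used unchecked in `size + DXA_EXTRA_SIZE + pal_size` in the av_new_packet call, so a large value can wrap the sum and the packet is allocated smaller than the memcpy and the second get_buffer assume. Reject size before allocating when it exceeds a sane limit (for example, fail if it is larger than INT_MAX - DXA_EXTRA_SIZE - pal_size). The return value of the first get_buffer should be checked as well, since a short read leaves buf partly unfilled before AV_RB32 reads from it.
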
> 
> integer overflow leading to writing data over the end of an array
> probably not exploitable but still

added check
 
> except these patch ok

committed. If something else will occur I'm still a maintainer. 

> [...]
> -- 
> Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> 
> I count him braver who overcomes his desires than him who conquers his
> enemies for the hardest victory is over self. -- Aristotle
