[FFmpeg-devel] [PATCH] RV30/40 decoder

Rich Felker dalias
Tue Sep 18 05:59:35 CEST 2007


On Mon, Sep 17, 2007 at 05:49:58PM +0100, Måns Rullgård wrote:
> > Still I find the usage of variable size stack arrays as a sign of bad coding.
> > If you want to put an assert or non-debug check of the size you are
> > forced to put the declaration after the code (or use a new block{} that is
> > even uglier).
> 
> The same C standard (C99) that introduced variable-size arrays also
> allows declarations after code.  If you don't like that, you can do
> something like this:
> 
> int foo = (assert(size < X), 0);
> char buf[size];

Assert is illegal in libav* unless it provably evaluates to true under
all valid programming uses, regardless of data validity.

If you really want such a hack, something like this will work:
int check = size<X;
char buf[check?size:1];
if (!check) goto fail;

Also please note that alloca is subject to the exact same problems and
validity checking requirements as VLAs. There is absolutely no
checking for stack overflow in alloca. In gcc it's implemented as a
compiler intrinsic identical to VLA.

Rich
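
The pattern from the message above, as an added example that is not part of the original post or of FFmpeg's code: a length read from untrusted input gets a run-time check before it sizes a VLA. `MAX_CHUNK`, `sum_chunk` and the sample packets are constructed for illustration; the extra `size > 0` test is there because a zero-length VLA is undefined behaviour in C99.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHUNK 4096 /* assumed bound, the "X" of the message */

/* Constructed sample packets: 16-bit big-endian length, then payload. */
static const uint8_t pkt_good[]  = { 0x00, 0x03, 1, 2, 3 };
static const uint8_t pkt_huge[]  = { 0xFF, 0xFF, 0 };     /* length > bound  */
static const uint8_t pkt_short[] = { 0x00, 0x04, 1, 2 };  /* length > avail  */
static const uint8_t pkt_zero[]  = { 0x00, 0x00 };        /* zero-length VLA */

/* Returns the byte sum of the payload, or -1 if the length is invalid. */
static long sum_chunk(const uint8_t *in, size_t avail)
{
    long sum = 0;
    if (avail < 2)
        return -1;
    /* The length is data, not a programming invariant, so it needs a
     * check that survives NDEBUG builds; assert() would compile away. */
    size_t size = ((size_t)in[0] << 8) | in[1];
    int check = size > 0 && size < MAX_CHUNK && size <= avail - 2;
    /* On failure the array is 1 byte, so the stack never grows by an
     * input-chosen amount before the error path is taken. */
    uint8_t buf[check ? size : 1];
    if (!check)
        goto fail;
    memcpy(buf, in + 2, size);
    for (size_t i = 0; i < size; i++)
        sum += buf[i];
    return sum;
fail:
    return -1;
}

int main(void)
{
    printf("good=%ld huge=%ld short=%ld zero=%ld\n",
           sum_chunk(pkt_good, sizeof pkt_good),
           sum_chunk(pkt_huge, sizeof pkt_huge),
           sum_chunk(pkt_short, sizeof pkt_short),
           sum_chunk(pkt_zero, sizeof pkt_zero));
    return 0;
}
```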



