[FFmpeg-devel] [BUG] qdm2.c over read in array

Roberto Togni rxt
Thu Jan 10 00:20:41 CET 2008


On Tue, 08 Jan 2008 08:10:30 +0100
Benjamin Larsson <banan at ludd.ltu.se> wrote:

> Roberto Togni wrote:
> > On Mon, 07 Jan 2008 18:18:45 +0100
> > Benjamin Larsson <banan at ludd.ltu.se> wrote:
> > 
> >> fill_coding_method_array line:
> >>
> >>  tmp = tone_level_idx[ch][sb][j + 1] * 2 - add4 - add3 - add2 - add1;
> >>
> >> over reads the array. for(j=0 ; j<64 ; j++)
> >>
> > 
> > Do you have a sample that triggers it? Most of that function
> > (including this line) is untested because no known sample uses that
> > code; probably some error slipped in during the rewriting.
> > 
> > Ciao,
> >  Roberto
> > 
> 
> No, but we should fix it anyway.
> 

Agree, I just hoped that you had a sample to test this unknown case.

Btw the same problem also happens a few lines later:
tone_level_idx_temp[ch][sb][j+1] = tmp & 0xff;

The 64 in the for is ok, it comes from a 128 divided by a parameter that
is always 2; moreover j<63 makes no sense since the next cycle reads
the whole array.
The j+1 looks ok according to the code that I was able to inspect; to go
deeper I need to go back to the asm level.

I'll have a better look, but if I don't find a solution I'm for
disabling this case since it's unused by any sample.

Ciao,
 Roberto

-- 
Better is the enemy of good enough.
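Added illustration of the off-by-one pattern discussed in this thread; this is not FFmpeg's qdm2.c code and nothing here reflects the real decoder's data layout. It assumes a hypothetical 64-entry innermost array (LEVEL_COUNT) and the same loop shape, reading index j+1 for j in [0, bound). The checked variant tests every index against the array length before the read and the store, substitutes zero instead of reading past the end, and reports how many accesses it had to prevent, so a bound of 64 on a 64-entry array is caught at j=63 while a bound of 63 is clean.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the 64-entry innermost dimension of the thread;
 * constructed for this example, not the decoder's real layout. */
#define LEVEL_COUNT 64

/* One pass of a loop that computes from in[j + 1] and stores to out[j + 1]
 * for j in [0, bound). Both the read and the store are guarded by len.
 * When j + 1 would be past the end, zero is used instead of an out-of-bounds
 * read, the iteration index is recorded in *first_bad_j (if non-NULL), and the
 * store is skipped. Returns the number of prevented out-of-bounds accesses. */
size_t fill_checked(const int *in, size_t len, size_t bound,
                    int add1, int add2, int add3, int add4,
                    uint8_t *out, size_t *first_bad_j)
{
    size_t prevented = 0;
    for (size_t j = 0; j < bound; j++) {
        int next;
        if (j + 1 < len) {
            next = in[j + 1];
        } else {
            if (prevented == 0 && first_bad_j)
                *first_bad_j = j;
            prevented++;
            next = 0;               /* substitute instead of reading in[len] */
        }
        int tmp = next * 2 - add4 - add3 - add2 - add1;
        if (j + 1 < len)
            out[j + 1] = (uint8_t)(tmp & 0xff);   /* store guarded the same way */
    }
    return prevented;
}

/* Helper: run the checked loop on a constructed 64-entry array with the given
 * bound and all add terms equal to 1; returns the number of prevented accesses. */
size_t demo_prevented(size_t bound)
{
    int levels[LEVEL_COUNT];
    uint8_t temp[LEVEL_COUNT] = {0};
    for (size_t i = 0; i < LEVEL_COUNT; i++)
        levels[i] = (int)i;           /* constructed sample data */
    size_t first_bad = 0;
    return fill_checked(levels, LEVEL_COUNT, bound, 1, 1, 1, 1, temp, &first_bad);
}

/* Helper: same setup, but returns the first iteration that went out of bounds
 * (or LEVEL_COUNT if none did). */
size_t demo_first_bad(size_t bound)
{
    int levels[LEVEL_COUNT];
    uint8_t temp[LEVEL_COUNT] = {0};
    for (size_t i = 0; i < LEVEL_COUNT; i++)
        levels[i] = (int)i;
    size_t first_bad = LEVEL_COUNT;
    fill_checked(levels, LEVEL_COUNT, bound, 1, 1, 1, 1, temp, &first_bad);
    return first_bad;
}

/* Helper: value stored at out[idx] after a clean run (bound 63, adds all 1). */
int demo_out_at(size_t idx)
{
    int levels[LEVEL_COUNT];
    uint8_t temp[LEVEL_COUNT] = {0};
    for (size_t i = 0; i < LEVEL_COUNT; i++)
        levels[i] = (int)i;
    fill_checked(levels, LEVEL_COUNT, LEVEL_COUNT - 1, 1, 1, 1, 1, temp, NULL);
    return idx < LEVEL_COUNT ? temp[idx] : -1;
}

int main(void)
{
    printf("bound 64: prevented %zu (first at j=%zu)\n",
           demo_prevented(64), demo_first_bad(64));
    printf("bound 63: prevented %zu\n", demo_prevented(63));
    return 0;
}
```

With the loop bound equal to the array length the guard fires exactly once, at the last iteration; lowering the bound by one makes the pass clean, which is the trade-off the thread is weighing (a j<63 bound leaves the last element untouched by this pass). The same shape works for a sanitizer build: compile the unguarded original with -fsanitize=address and the over-read is reported at the same index the guard records.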