[FFmpeg-devel] [PATCH] Fix DV uninitialized reads

Reimar Döffinger Reimar.Doeffinger
Tue Sep 29 13:52:56 CEST 2009


On Mon, Sep 21, 2009 at 02:40:51PM +0200, Reimar Döffinger wrote:
> Hello,
> I think this fixes the uninitialized data in the DV encoder that causes
> sporadic "make test" failures, at least valgrind complains no longer.
> Quick measurements with "time" indicate a slowdown by about 0.8%.
> Regression test values for the encoded files change (memset to 0
> instead of 0xff might avoid that though), but the decoded data
> stays the same - so at least for the cases "make test" covers it is
> correct.

Ok, a different version.
It uses s->sys->block_sizes even though I think it pointlessly bloats
and complexifies the code, it memsets to 0xff still because the
regression tests change anyway and the spec does not say anything about
which value to use, and it returns -1 if the bitstream wrote too far,
even though the return value is not checked anywhere.
Index: libavcodec/dv.c
===================================================================
--- libavcodec/dv.c	(revision 20079)
+++ libavcodec/dv.c	(working copy)
@@ -1102,8 +1102,19 @@
             av_log(NULL, AV_LOG_ERROR, "ac bitstream overflow\n");
     }
 
-    for (j=0; j<5*s->sys->bpm; j++)
+    for (j=0; j<5*s->sys->bpm; j++) {
+       int size = s->sys->block_sizes[j % s->sys->bpm];
+       int pos;
        flush_put_bits(&pbs[j]);
+       pos = put_bits_count(&pbs[j]);
+       if (pos > size) {
+           av_log(NULL, AV_LOG_ERROR, "bitstream written beyond buffer size\n");
+           return -1;
+       }
+       size >>= 3;
+       pos >>= 3;
+       memset(pbs[j].buf + pos, 0, size - pos);
+    }
 
     return 0;
 }
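Review bot: the `return -1` inside the loop bails out on the first oversized block and leaves every later `pbs[j]` neither flushed nor padded; since the cover letter says the return value is not checked anywhere, the caller will still consume those partially written buffers. Consider logging the error, skipping the memset for that block, continuing the loop so the remaining blocks are still flushed and padded, and returning -1 only after the loop. The hunk also pads with `memset(pbs[j].buf + pos, 0, size - pos)` while the message above says it "memsets to 0xff still"; the code and the description disagree on the fill value, so one of them should be corrected before this goes in. Minor: `int pos;` could be declared and assigned in one statement after `flush_put_bits(&pbs[j]);`.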
