[FFmpeg-devel] [PATCH]Avoid non-strict pointer aliasing in kega decoder

Carl Eugen Hoyos cehoyos at ag.or.at
Tue Mar 5 00:46:42 CET 2013


On Monday 04 March 2013 08:35:14 pm Reimar Döffinger wrote:
> On Mon, Mar 04, 2013 at 08:49:36AM +0000, Carl Eugen Hoyos wrote:

> > Is the last patch ok or are there still changes
> > needed?
>
> I don't mind much, but a 2-byte memcpy isn't great.

> Also it would be better to figure out why AV_COPY16 isn't working...

Sorry, I can only assume it is aliasing-related but I don't know.

> Lastly, I think the copy should be made to use memcpy when
> it makes sense, something along the lines of the attached
> untested patch.

I slightly edited your patch and it fixes kgv decoding with icc (both 
32 and 64bit).

Please push if you like it, Carl Eugen
-------------- next part --------------
diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
index 008843c..4eeffd8 100644
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
@@ -112,7 +112,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
 
                 start = (outcnt + offsets[oidx]) % maxcnt;
 
-                if (maxcnt - start < count)
+                if (maxcnt - start < count || maxcnt - outcnt < count)
                     break;
 
                 if (!prev) {
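Review bot: the extended condition `maxcnt - start < count || maxcnt - outcnt < count` now guards two different things, the read from prev at start and the write to out at outcnt, but nothing next to it says so. A one-line comment naming which term bounds the source and which bounds the destination would help, since the copy these checks protect only comes after the `if (!prev)` block. It is also worth noting there that all three quantities are element counts, not bytes, because the copy later scales count by 2.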
@@ -121,8 +121,8 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
                     break;
                 }
 
-                inp = prev;
-                inp_off = start;
+                memcpy(out + outcnt, prev + start, 2 * count);
+                outcnt += count;
             } else {
                 // copy from earlier in this frame
                 int offset = (code & 0x1FFF) + 1;
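Review bot: in `memcpy(out + outcnt, prev + start, 2 * count);` the literal 2 hard-codes the element size of out and prev; `count * sizeof(*out)` would keep the length correct if the buffer type ever changes. memcpy also requires that the two ranges do not overlap, which holds only as long as prev and out are separate frame buffers, so a short comment stating that assumption would be useful. The bounds for this call are checked before the `if (!prev)` test rather than next to the call, which is easy to lose if the code is rearranged later.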
@@ -137,18 +137,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
                     count = 4 + *buf++;
                 }
 
-                if (outcnt < offset)
+                if (outcnt < offset || maxcnt - outcnt < count)
                     break;
 
-                inp = out;
                 inp_off = outcnt - offset;
-            }
-
-            if (maxcnt - outcnt < count)
-                break;
 
             for (i = inp_off; i < count + inp_off; i++) {
-                out[outcnt++] = inp[i];
+                out[outcnt++] = out[i];
+            }
             }
         }
     }
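Review bot: the loop `out[outcnt++] = out[i];`, now inside the else branch, has to stay an element-by-element forward copy, and the code should say so in a comment. offset can be as small as 1 (`(code & 0x1FFF) + 1`) and only `outcnt < offset` is checked against it, so count can exceed offset and the source range can run into the elements being written; without a comment, a later cleanup could turn this into memcpy like the other branch. The for statement and its new closing brace also keep their old indentation although they are now nested in the else block, so they should move one level deeper. With both assignments to inp and its only visible use removed, the declaration of inp should be dropped as well if nothing else uses it.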

